Windows Analysis Report
Animate Lift.exe

Overview

General Information

Sample name: Animate Lift.exe
Analysis ID: 1670319
MD5: c3a120e27e1a36ce94e1558d2255d5e5
SHA1: b2b70f7eb97c9ad1514a2be4aeab8f2267a9d652
SHA256: 79929ccfedb1c7612201e874f9fe2e4dd07342fa3ca7827faed045e4c27f5545

Detection

Score: 4
Range: 0 - 100
Confidence: 60%

Signatures

Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

  • System is w10x64
  • Animate Lift.exe (PID: 5280 cmdline: "C:\Users\user\Desktop\Animate Lift.exe" MD5: C3A120E27E1A36CE94E1558D2255D5E5)
    • Animate Lift.exe (PID: 6996 cmdline: "C:\Users\user\Desktop\Animate Lift.exe" MD5: C3A120E27E1A36CE94E1558D2255D5E5)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Source: Animate Lift.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll.0.dr; Static PE information: Number of sections : 19 > 10
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr; Static PE information: No import functions for PE file found
Source: Animate Lift.exe, 00000000.00000003.1162002949.0000027A05C24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1165755580.0000027A05C2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1165043127.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1195607256.0000027A05C35000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1161636659.0000027A05C24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1161636659.0000027A05C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1162124860.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164187587.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1163137604.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1163217036.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1161742479.0000027A05C24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164727833.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1195494140.0000027A05C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes37.dll0 vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1162264610.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1196873066.0000027A05C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164261522.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1163399452.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1165281713.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1195788877.0000027A05C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164881772.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164040451.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1163300388.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164572466.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164417755.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1162957853.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1196260995.0000027A05C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1161263016.0000027A05C24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164648949.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1163885317.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164965857.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1163963419.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1195607256.0000027A05C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1165442961.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1162190467.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1163481755.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164114783.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164801415.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164337554.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1162339985.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1161500366.0000027A05C24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1161389489.0000027A05C24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1165199608.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1163039449.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1194193742.0000027A05C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython37.dll. vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1162494008.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1163564971.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1195245515.0000027A05C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythoncom37.dll0 vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1162576860.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1165117931.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1161904547.0000027A05C24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1165363990.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1163737963.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1163654970.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1183911923.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1162418122.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1196680582.0000027A05C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1164493832.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1196873066.0000027A05C35000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1197059105.0000027A05C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32ui.pyd0 vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1196791874.0000027A05C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32pdh.pyd0 vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1193636384.0000027A05C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1162654951.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: Animate Lift.exe, 00000000.00000003.1163810908.0000027A05C25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Animate Lift.exe
Source: classification engineClassification label: clean4.winEXE@3/114@0/0
Source: C:\Users\user\Desktop\Animate Lift.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52802
Source: Animate Lift.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Animate Lift.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Animate Lift.exeFile read: C:\Users\user\Desktop\Animate Lift.exe
Source: unknownProcess created: C:\Users\user\Desktop\Animate Lift.exe "C:\Users\user\Desktop\Animate Lift.exe"
Source: C:\Users\user\Desktop\Animate Lift.exeProcess created: C:\Users\user\Desktop\Animate Lift.exe "C:\Users\user\Desktop\Animate Lift.exe"
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: libcrypto-1_1-x64.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: pywintypes37.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: secur32.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: libopenblas.xwydx2ikjw2nmtwsfyngfuwkqu3lytcz.gfortran-win_amd64.dll
Source: C:\Users\user\Desktop\Animate Lift.exeSection loaded: sxs.dll
Source: C:\Users\user\Desktop\Animate Lift.exeFile opened: C:\Users\user\Desktop\pyvenv.cfg
Source: Animate Lift.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: Animate Lift.exeStatic file information: File size 23826598 > 1048576
Source: Animate Lift.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Animate Lift.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Animate Lift.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Animate Lift.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Animate Lift.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Animate Lift.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Animate Lift.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1164801415.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1165117931.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ci\python_1578510570019\work\PCbuild\amd64\_socket.pdb source: Animate Lift.exe, 00000000.00000003.1161904547.0000027A05C24000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: Animate Lift.exe, 00000000.00000003.1162576860.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1163399452.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.7\Release\win32trace.pdb source: Animate Lift.exe, 00000000.00000003.1196873066.0000027A05C28000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1162339985.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1164187587.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1164648949.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.7\Release\win32api.pdb source: win32api.pyd.0.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1165199608.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.7\Release\win32ui.pdb source: win32ui.pyd.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1163039449.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1164337554.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: mfc140u.amd64.pdb source: mfc140u.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1164040451.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1164572466.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1162418122.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
Source: Binary string: d:\agent\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: Animate Lift.exe, 00000000.00000003.1161263016.0000027A05C24000.00000004.00000020.00020000.00000000.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1163654970.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1162190467.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1162494008.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1164493832.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: @ compiler: cl.exe /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1l 24 Aug 2021built on: Thu Sep 2 14:19:33 2021 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\ssl"ENGINESDIR: "C:\ci\openssl_1630592237340\_h_env\Library\lib\engines-1_1"not available source: libcrypto-1_1-x64.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.7\Release\_win32sysloader.pdb source: Animate Lift.exe, 00000000.00000003.1162124860.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.7\Release\pywintypes.pdb( source: pywintypes37.dll.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1163810908.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: C:\ci\python_1578510570019\work\PCbuild\amd64\_ctypes.pdb source: _ctypes.pyd.0.dr
Source: Binary string: C:\ci\python_1578510570019\work\PCbuild\amd64\_hashlib.pdb source: Animate Lift.exe, 00000000.00000003.1161636659.0000027A05C24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ci\python_1578510570019\work\PCbuild\amd64\_lzma.pdbMM source: Animate Lift.exe, 00000000.00000003.1161742479.0000027A05C24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1165363990.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: C:\ci\python_1578510570019\work\PCbuild\amd64\_bz2.pdb source: Animate Lift.exe, 00000000.00000003.1161389489.0000027A05C24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1162957853.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ci\python_1578510570019\work\PCbuild\amd64\select.pdb source: Animate Lift.exe, 00000000.00000003.1195607256.0000027A05C28000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: Animate Lift.exe, 00000000.00000003.1164114783.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.7\Release\win32pdh.pdb source: Animate Lift.exe, 00000000.00000003.1196791874.0000027A05C28000.00000004.00000020.00020000.00000000.sdmp, win32pdh.pyd.0.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1163564971.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ci\python_1578510570019\work\PCbuild\amd64\pyexpat.pdb source: Animate Lift.exe, 00000000.00000003.1193636384.0000027A05C28000.00000004.00000020.00020000.00000000.sdmp, pyexpat.pyd.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1162264610.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1164417755.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1164881772.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: Animate Lift.exe, 00000000.00000003.1163300388.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: Animate Lift.exe, 00000000.00000003.1163737963.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.7\Release\win32ui.pdbO source: win32ui.pyd.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1163481755.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1164965857.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1165442961.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1163885317.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1164261522.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1163963419.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1162654951.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ci\python_1578510570019\work\PCbuild\amd64\_ssl.pdb source: _ssl.pyd.0.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1165043127.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1163217036.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.7\Release\pywintypes.pdb source: pywintypes37.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1163137604.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: C:\ci\openssl_1630592237340\work\libcrypto-1_1-x64.pdb source: libcrypto-1_1-x64.dll.0.dr
Source: Binary string: C:\ci\python_1578510570019\work\PCbuild\amd64\_lzma.pdb source: Animate Lift.exe, 00000000.00000003.1161742479.0000027A05C24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl.exe /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1-x64.dll.0.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1164727833.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: Animate Lift.exe, 00000000.00000003.1165281713.0000027A05C25000.00000004.00000020.00020000.00000000.sdmp
Source: Animate Lift.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Animate Lift.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Animate Lift.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Animate Lift.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Animate Lift.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-core-debug-l1-1-0.dll.0.drStatic PE information: 0xB59B431A [Tue Jul 20 11:35:54 2066 UTC]
Source: Animate Lift.exeStatic PE information: section name: _RDATA
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: libcrypto-1_1-x64.dll.0.drStatic PE information: section name: .00cfg
Source: libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll.0.drStatic PE information: section name: .xdata
Source: libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll.0.drStatic PE information: section name: /4
Source: libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll.0.drStatic PE information: section name: /19
Source: libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll.0.drStatic PE information: section name: /31
Source: libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll.0.drStatic PE information: section name: /45
Source: libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll.0.drStatic PE information: section name: /57
Source: libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll.0.drStatic PE information: section name: /70
Source: libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll.0.drStatic PE information: section name: /81
Source: libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll.0.drStatic PE information: section name: /92
Source: libssl-1_1-x64.dll.0.drStatic PE information: section name: .00cfg
Source: mfc140u.dll.0.drStatic PE information: section name: .didat
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\ucrtbase.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\unicodedata.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\pyexpat.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_mt19937.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\_hashlib.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\core\_multiarray_umath.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\libcrypto-1_1-x64.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_bounded_integers.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\linalg\_umath_linalg.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\win32pdh.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\pywintypes37.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_generator.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\mtrand.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\_lzma.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_common.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_philox.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\pythoncom37.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_sfc64.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\bit_generator.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\win32trace.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\select.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_pcg64.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\core\_multiarray_tests.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-multibyte-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\_bz2.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\_win32sysloader.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\_ctypes.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\python37.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\fft\_pocketfft_internal.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\win32ui.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\_socket.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\linalg\lapack_lite.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\_ssl.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\mfc140u.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\libssl-1_1-x64.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI52802\win32api.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\unicodedata.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\pyexpat.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_mt19937.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\_hashlib.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\core\_multiarray_umath.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_bounded_integers.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\linalg\_umath_linalg.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\win32pdh.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_generator.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\mtrand.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\_lzma.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_common.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\pythoncom37.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_philox.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_sfc64.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\bit_generator.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\win32trace.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\select.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_pcg64.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\core\_multiarray_tests.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-multibyte-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\_bz2.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\_win32sysloader.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\python37.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\_ctypes.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\win32ui.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\fft\_pocketfft_internal.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\_socket.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\linalg\lapack_lite.cp37-win_amd64.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\_ssl.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\mfc140u.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\libssl-1_1-x64.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\Animate Lift.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52802\win32api.pyd
Source: C:\Users\user\Desktop\Animate Lift.exe, Process created: C:\Users\user\Desktop\Animate Lift.exe "C:\Users\user\Desktop\Animate Lift.exe"
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\altgraph-0.17.2.dist-info VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pyfemap VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pyinstaller-4.7.dist-info VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\setuptools-58.0.4-py3.7.egg-info VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\wheel-0.37.0-py3.9.egg-info VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\ucrtbase.dll VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\idm8a6_k VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\tmpppji05rt VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\win32api.pyd VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exe, Queries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformation
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pywintypes37.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pythoncom37.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\core VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\core VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\core VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\core\_multiarray_umath.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\core VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\core\_multiarray_tests.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\linalg VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\linalg VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\linalg VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\linalg\lapack_lite.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\linalg\_umath_linalg.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\fft VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\fft VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\fft VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\fft\_pocketfft_internal.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\mtrand.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\bit_generator.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_common.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_bounded_integers.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_mt19937.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_philox.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_pcg64.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_sfc64.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_generator.cp37-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pyfemap VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pyfemap VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pyfemap VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pyfemap\Pyfemap_2306.py VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pyfemap\Pyfemap_2306.py VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pyfemap\__pycache__\Pyfemap_2306.cpython-37.pyc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pyfemap\__pycache__\Pyfemap_2306.cpython-37.pyc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pyfemap\Pyfemap_2306.py VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52802\pyfemap\Pyfemap_2306.py VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpppji05rt VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpppji05rt\gen_py\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpppji05rt\gen_py\dicts.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\Desktop\Animate Lift.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpppji05rt VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Animate Lift.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 12 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Timestomp | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
[Behavior graph (ID: 1670319). Sample: Animate Lift.exe; start date: 21/04/2025; architecture: WINDOWS; score: 4. Animate Lift.exe started a second Animate Lift.exe process and dropped C:\Users\user\AppData\Local\...\win32ui.pyd, C:\Users\user\AppData\...\win32trace.pyd and C:\Users\user\AppData\Local\...\win32pdh.pyd (all PE32+), plus 78 other files (none is malicious).]

No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\linalg\lapack_lite.cp37-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_bounded_integers.cp37-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_common.cp37-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_generator.cp37-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_mt19937.cp37-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI52802\numpy\random\_pcg64.cp37-win_amd64.pyd0%ReversingLabs
No Antivirus matches
Source | Detection | Scanner | Label | Link
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
No contacted IP infos
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1670319
Start date and time: 2025-04-21 15:33:46 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Animate Lift.exe
Detection: CLEAN
Classification: clean4.winEXE@3/114@0/0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 184.29.183.29, 20.109.210.53
• Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
No simulations
No context
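Match: C:\Users\user\AppData\Local\Temp\_MEI52802\VCRUNTIME140.dll
• Associated Sample Name / URL: SecuriteInfo.com.Win64.Malware-gen.8360.5215.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name / URL: setup.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name / URL: WCRz05ZEx4.msi, Detection: malicious, Threat Name: Unknown
• Associated Sample Name / URL: RequestHunter v2.3.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name / URL: RequestHunter v2.3.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name / URL: random.exe, Detection: malicious, Threat Name: LummaC
• Associated Sample Name / URL: https://www.slido.com/api/download?application=powerpoint-win, Detection: malicious, Threat Name: Unknown
• Associated Sample Name / URL: Albion-Bot-Pesca-(M).exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name / URL: kill.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name / URL: kill.exe, Detection: malicious, Threat Name: Unknown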
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):101672
                                                                                                                              Entropy (8bit):6.566355945650465
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:7y6+2mUD0uBFRXqYue/o+18iBH5T7heunxr98nZXR9xecbSQ2bIB0TO:7lXfRXqQw+PHLrCZh9xecbSt
                                                                                                                              MD5:8697C106593E93C11ADC34FAA483C4A0
                                                                                                                              SHA1:CD080C51A97AA288CE6394D6C029C06CCB783790
                                                                                                                              SHA-256:FF43E813785EE948A937B642B03050BB4B1C6A5E23049646B891A66F65D4C833
                                                                                                                              SHA-512:724BBED7CE6F7506E5D0B43399FB3861DDA6457A2AD2FAFE734F8921C9A4393B480CDD8A435DBDBD188B90236CB98583D5D005E24FA80B5A0622A6322E6F3987
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Joe Sandbox View:
• Filename: SecuriteInfo.com.Win64.Malware-gen.8360.5215.exe, Detection: malicious
• Filename: setup.exe, Detection: malicious
• Filename: WCRz05ZEx4.msi, Detection: malicious
• Filename: RequestHunter v2.3.exe, Detection: malicious
• Filename: RequestHunter v2.3.exe, Detection: malicious
• Filename: random.exe, Detection: malicious
• Filename: , Detection: malicious
• Filename: Albion-Bot-Pesca-(M).exe, Detection: malicious
• Filename: kill.exe, Detection: malicious
• Filename: kill.exe, Detection: malicious
                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):81920
                                                                                                                              Entropy (8bit):6.265166577423828
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:Se1TI//Ka3qS3zhV4k3oVTt287+epBTkNG+0IGIJ4V:Or93bkB7+epBTEGd7IJ4V
                                                                                                                              MD5:6115CCE739AA12A5917235C5FA4B66C2
                                                                                                                              SHA1:7818309F4CA111B3392C8F67AE6DCE591E3963EA
                                                                                                                              SHA-256:19B312B06FF9B3AF7C8DD3FAB94FACB9CF1F0E5BF0326A771F34D1D1B95524C5
                                                                                                                              SHA-512:E83D00E2BD7DE6BF9B95B528EF4E3219C8BA4D4C842EECD0CE1CA49A7DD520470C17FBF93270ED9B5164BEA8A4E200A38746212D2EDE996A9D5228798A2A782E
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):126976
                                                                                                                              Entropy (8bit):5.867172258366533
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:NOwxcHl+FuxatIRmFJn8ftl3m5m7FLr3IJVP:VcQu0wmz8ftlkE5
                                                                                                                              MD5:1EC6D919A90FE611FCAD86555B20BDBC
                                                                                                                              SHA1:783365A6563026EAF8312F1BA2479C74D19B285E
                                                                                                                              SHA-256:059E6D79776D5081EC6342E62D63725B07F0388787C5D7B250481729F63341F8
                                                                                                                              SHA-512:CF91E0A5AA4E714A1667DFBED81D0931606C64A1E7885BDF9ADDE96D2540700834A64352A4D2B4D571072E0B47044AF92669149560161F446BDA86425448B6DA
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):31744
                                                                                                                              Entropy (8bit):5.532826453118351
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:V3zkzB7eddwcZUspLNl1VveCNP6Xta0IeIJsI:S97SdVeQrveCNP6da0IeIJsI
                                                                                                                              MD5:37D13B60C4A2140267182C6EC2F151CB
                                                                                                                              SHA1:48D9FCFA87D410C114C59118B248BEC68F2D181E
                                                                                                                              SHA-256:DF070837F91B2562E543F6D4B8429982CA175A8C65C8AEBDC4ACDE8C1418C4D1
                                                                                                                              SHA-512:09FBD7FC941908C4F6AA4523FF20EBF872B3472FB4D1BD04BF86F8312C536274E1843832B672BECCA504A6CECEDD166D15C771AB8EB3BA4C35CE6ABA96BBA4F0
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):249856
                                                                                                                              Entropy (8bit):5.993748374064871
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:L1Z+wjJoWUFcwPbdqKNlk8/RO2hzwpbHPq+NZkA/NOihXw7b1qvNEk4/SOMhAkwi:L1lTrbsnqtUQ
                                                                                                                              MD5:543C7206DA5DDBA712E8E39A54DF9247
                                                                                                                              SHA1:8A4E1C2DB68D9E5F1BBD9C74A392E0937DCCBBD0
                                                                                                                              SHA-256:23FC4BCA94408AB3D4746F12C323B25FE3674FB05C3CC2E0621533586BE4BBE9
                                                                                                                              SHA-512:893509393625EED100BDE75641280F19930521F274BB89EEB87A1213B8E735E88B7B060BA1B235CB048FEECC72BE32715A24B9CF712492A24506C4EE8FB90C53
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):68608
                                                                                                                              Entropy (8bit):5.906291313630451
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:DrxwZGYDFl0gR4wYJxJVvQm7RVJ/n+gDgOQ0IKIJVw:/xwZGQFXOw+xJhQmdVJ/nRDgO33IJVw
                                                                                                                              MD5:44CC32D9B86508BB7CE448E148E86D90
                                                                                                                              SHA1:912114557D3B44E7DC622E2BC901B4498939FAE7
                                                                                                                              SHA-256:ECC3E6305B277C3E6F6AE0D787038F381D2FE3F9D03FDD4AF2791C1F947FE9A7
                                                                                                                              SHA-512:609889AC54E5351F5EADF9CE117073C16DA936515361957E627DC368D015D04A938D67D42B0B92426C82615ED23DFE881AB675A2870D261333D950CBFB5E7D4E
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Reputation:low
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):115712
                                                                                                                              Entropy (8bit):5.917980779368038
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:ez9u9w5GDSzKrNDn6jLhYjQtpUaqLoERU/g9OrUNV+Nr7IJ47:ez9yw5GDSzKZDn6jLhY/LoEM
                                                                                                                              MD5:D959534EEC3E13BBE80373590FB14F71
                                                                                                                              SHA1:4F2F13260B3A9815C7DC45F5ECD96C9E9FF82D1B
                                                                                                                              SHA-256:92856D036BBE1411D242B72A53A97CD9D0FDE0F53D421D0E0856218D8B91C5DB
                                                                                                                              SHA-512:D5E526F6FC02E4E99F21CC9D0BEC0B19A83170403CB0A23EF1E1620B5E019F1117287BDF55722F240CBDED76D6FF3332B117DD5B19199F06E607BF8E73953E5D
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12288
                                                                                                                              Entropy (8bit):4.912967687370018
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:79LP7MWfrJDmLDCfsX0PKI93PoB7S7YjYvI91uRsYnGcyY/tLK/:pLjb5fs0Ky3vpy1u+lw/te/
                                                                                                                              MD5:F67A9BEB2FC8D67E81F30A3ED6C331BE
                                                                                                                              SHA1:7F1D1670FC8190A68DAE029B58314F5B0BC77270
                                                                                                                              SHA-256:90A1C02C5669E38E4869B3C9DCF9C803A5C1200F67887EF29A64F8C623C59D6B
                                                                                                                              SHA-512:1887E5D3C1888C85F15403657677DFE7A3CA276EF1CA2FF8C40C5933F9B62F1E03507F78A7F43FC42C95B20D4EF59F0AE38B4B1FD0B7EB8712ECE5E76ED74520
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4
                                                                                                                              Entropy (8bit):1.5
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                              Malicious:false
                                                                                                                              Preview:pip.
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1002
                                                                                                                              Entropy (8bit):5.178870450986544
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:wy+rmJHcwH0MP3gt99QHOsUv4eOk4/+/m3oqMSFJ:9+aJ8YHvEnQHOs5exm3oEFJ
                                                                                                                              MD5:3590EB8D695BDCEA3BA57E74ADF8A4ED
                                                                                                                              SHA1:5B3C3863D521CF35E75E36A22E5EC4A80C93C528
                                                                                                                              SHA-256:6C194D6DB0C64D45535D10C95142B9B0CDA7B7DCC7F1DDEE302B3D536F3DBE46
                                                                                                                              SHA-512:405E4F136E282352DF9FC60C2CE126E26A344DD63F92AAB0E77DE60694BD155A13CF41C13E88C00FB95032A90526AD32C9E4B7D53CA352E03C3882ED648821F0
                                                                                                                              Malicious:false
                                                                                                                              Preview:Copyright (c) 2004 Istvan Albert unless otherwise noted..Copyright (c) 2006-2010 Bob Ippolito.Copyright (2) 2010-2020 Ronald Oussoren, et. al...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS.IN THE SOFTWARE
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):7221
                                                                                                                              Entropy (8bit):4.9307261309791395
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:D4fEqzwjaaYxmPktW13ieOGZND9wSNEd+KezAYx09zB5KENViyh5YZXc9Me6WEFl:hq08GZNtyui9KUQHDyKtZB
                                                                                                                              MD5:6CC13052FD94000C7D33837690FDC307
                                                                                                                              SHA1:8B0A3C095FB607F7C4B31313D4E24D1F54DDDCBE
                                                                                                                              SHA-256:177364F7304A48C8A2DE436BFC9BB8B22DF8FBE668B9DFD4307147B194FACADF
                                                                                                                              SHA-512:18D4FE8FEAFC5CB4609AAE5D62240CEC955D617036EA81AE46EE0E86D4CA6F6E4ACA29F0818DDF2CDD20E4FFD67B73028DFFB44D9F9BAC53DAB0EF8C66958E30
                                                                                                                              Malicious:false
                                                                                                                              Preview:Metadata-Version: 2.1.Name: altgraph.Version: 0.17.2.Summary: Python graph (network) package.Home-page: https://altgraph.readthedocs.io.Author: Ronald Oussoren.Author-email: ronaldoussoren@mac.com.Maintainer: Ronald Oussoren.Maintainer-email: ronaldoussoren@mac.com.License: MIT.Download-URL: http://pypi.python.org/pypi/altgraph.Keywords: graph.Platform: any.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.4.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Class
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:CSV text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1549
                                                                                                                              Entropy (8bit):5.825099701927593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:1nuXihyY0y15JTgWllriHh39+7oI4NbKw1+lcRhlkKWaxgP:wX5mvop47T4NbN1+l2vkraxgP
                                                                                                                              MD5:9ECD3A3EAD020F7585334E9061A38100
                                                                                                                              SHA1:EB2301BE8F417BC3AA926690B431442EE54039CC
                                                                                                                              SHA-256:E36B9CF760B8EDD2E0A00C056E2840A30B53DF0F01AF0CEBBF6761003AD2BA56
                                                                                                                              SHA-512:B1DA51ABE3E036A7685805ECBDFB703F46BDC647D79116D748067E65CEAD2A0EABD788B3340C5E6400841CD95ADAD45D32B0F7FFF8421606EB8FB214F7CF4425
                                                                                                                              Malicious:false
                                                                                                                              Preview:altgraph-0.17.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..altgraph-0.17.2.dist-info/LICENSE,sha256=bBlNbbDGTUVTXRDJUUK5sM2nt9zH8d3uMCs9U289vkY,1002..altgraph-0.17.2.dist-info/METADATA,sha256=F3Nk9zBKSMii3kNr_Ju4si34--Zoud_UMHFHsZT6yt8,7221..altgraph-0.17.2.dist-info/RECORD,,..altgraph-0.17.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..altgraph-0.17.2.dist-info/WHEEL,sha256=Z-nyYpwrcSqxfdux5Mbn_DQ525iP7J2DG3JgGvOYyTQ,110..altgraph-0.17.2.dist-info/top_level.txt,sha256=HEBeRWf5ItVPc7Y9hW7hGlrLXZjPoL4by6CAhBV_BwA,9..altgraph-0.17.2.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1..altgraph/Dot.py,sha256=fHS-GozpcEKyWxW2v110JaFMS68iIc0oYFlFDuNQgOQ,9901..altgraph/Graph.py,sha256=6b6fSHLA5QSqMDnSHIO7_WJnBYIdq3K5Bt8VipRODwg,20788..altgraph/GraphAlgo.py,sha256=Uu9aTjSKWi38iQ_e9ZrwCnzQaI1WWFDhJ6kfmu0jxAA,5645..altgraph/GraphStat.py,sha256=vj3VqCOkzpAKggxVFLE_AlMIfPm1WN17DX4rbZjXAx4,1890..altgraph/GraphUtil.py,s
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):110
                                                                                                                              Entropy (8bit):4.816968543485036
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:RtEeX7MWcSlViHoKKjP+tPCCf7irO5S:RtBMwlViQWBBwt
                                                                                                                              MD5:5BBA2AABC4A5D75E954C7EDF9834DE0A
                                                                                                                              SHA1:407755EDC93510D5F7556ECDD1E7CB42F9357D8F
                                                                                                                              SHA-256:67E9F2629C2B712AB17DDBB1E4C6E7FC3439DB988FEC9D831B72601AF398C934
                                                                                                                              SHA-512:803B1181918FB2D93D2D2715D96E087E9333647C4A4A405D4FAD9DEDE0B77C8E3BCD5CAC7F3A426C60715202E2ECEBCD3EE9E066B2233A814A9A821D23BE88D0
                                                                                                                              Malicious:false
                                                                                                                              Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):9
                                                                                                                              Entropy (8bit):2.94770277922009
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:gRUEv:gee
                                                                                                                              MD5:BEB0CA64AA7DD6722F65930793F447D5
                                                                                                                              SHA1:9BBA1BCE17FB25BDC9E6AA7AD8077999422EFD86
                                                                                                                              SHA-256:1C405E4567F922D54F73B63D856EE11A5ACB5D98CFA0BE1BCBA08084157F0700
                                                                                                                              SHA-512:BC4C40BCC527A9E40A934B6B594278A89625C9142795582C223E227A2D6ECCEB3233F10AA790E87D44171207AC0FEAC09581BD63C71937F97BB8F07E8CC88F30
                                                                                                                              Malicious:false
                                                                                                                              Preview:altgraph.
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:very short file (no magic)
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:v:v
                                                                                                                              MD5:68B329DA9893E34099C7D8AD5CB9C940
                                                                                                                              SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                                                                                                                              SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                                                                                                                              SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                                                                                                                              Malicious:false
                                                                                                                              Preview:.
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19208
                                                                                                                              Entropy (8bit):6.975148254582308
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:PaW1hWiZqe8Cjdks/nGfe4pBjSYqW/nW5RKTt3E2sVWQ4GW5rYZpqnaj71nxPI45:yW1hW4r1m0GftpBjQm3SllndaVrQ2W
                                                                                                                              MD5:E5912B05988259DAD0D6D04C8A17D19B
                                                                                                                              SHA1:724F4F91041AD595E365B724A0348C83ACF12BBB
                                                                                                                              SHA-256:9F3608C15C5DE2F577A2220CE124B530825717D778F1E3941E536A3AB691F733
                                                                                                                              SHA-512:C270A622D7887F4C97232EA898F5380459C565817F0D201CDB081EE82E3002B6E6248753A68DA896D3B1327F93E8E8CB0CA0DCAEEF324F610E0A1C7B542C6492
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18696
                                                                                                                              Entropy (8bit):6.984171794145316
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:aUW1hWi8dsNtLxCjdks/nGfe4pBjSYvQF0RW5RKTt3E2sVWQ4GWsTJsqnajkZtT6:HW1hWfsngm0GftpBjmtm3SglmTok6
                                                                                                                              MD5:16789CC09A417D7DEB590FFFE4ED02DC
                                                                                                                              SHA1:4940D5B92B6B80A40371F8DF073BF3EB406F5658
                                                                                                                              SHA-256:3B68D7AB0641DE6B3E81D209B7C0D3896E4FFA76617BBADD01EB54036CDD1B07
                                                                                                                              SHA-512:19E4F086CC2137EE60316B0736B3C6B3780578896DF9A826EDFE004BB74BEE8E051C511A84D8A7EA278A5F47C82B9C955394F629AB0BB0740ECB51293D9BE7B7
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18696
                                                                                                                              Entropy (8bit):6.988934641003721
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:2W1hWi9cvHCjdks/nGfe4pBjSYLky6b+W5RKTt3E2sVWQ4GW2y9jqnajXagRbG1d:2W1hW+Qim0GftpBj81nm3SMlDCED6
                                                                                                                              MD5:9476AFFAAC53E6E34405C4001F141805
                                                                                                                              SHA1:E7C8A6C29C3158F8B332EEA5C33C3B1E044B5F73
                                                                                                                              SHA-256:55574F9E80D313048C245ACEFD21801D0D6C908A8A5049B4C46253EFAF420F89
                                                                                                                              SHA-512:F8E3476A09D888CAEBD50DA0EA2DEBC4006004E72AF677919413655AB4595622CAC524F1BC6C13406EE341AE0052A19ED83826AD530F652E73B2C65D4FA65680
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18696
                                                                                                                              Entropy (8bit):7.01639527920599
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:8mxD3uLW1hWioedXACjdks/nGfe4pBjSYTdvW5RKTt3E2sVWQ4GWGCWkqnajTWOj:8BLW1hWeXRm0GftpBj8m3SclgCohax
                                                                                                                              MD5:A5883C68D432F593812AB3B755B808DB
                                                                                                                              SHA1:51CBB7BA47802DC630C2507750432C55F5979C27
                                                                                                                              SHA-256:B3715112A7CA4C6CC0EFEE044BD82444D3267A379E33A3EC118D87E75604204D
                                                                                                                              SHA-512:27153E29E99A905FA4C8B3EDE078644A3A3F29FDF7B98E387E39C5C60444E326C92AFD74DA8FEE225F7DDF39724A0DAEF68BA238F3CC64FB7860172B8F29D79A
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22280
                                                                                                                              Entropy (8bit):6.9179162203047495
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:TBPvVXcW1hWYDzDm0GftpBjrm3SXjltFpx:VPvVX/TViNZ
                                                                                                                              MD5:241338AEF5E2C18C80FB1DB07AA8BCDF
                                                                                                                              SHA1:9ACBEEF0AC510C179B319CA69CD5378D0E70504D
                                                                                                                              SHA-256:56DE091EFE467FE23CC989C1EE21F3249A1BDB2178B51511E3BD514DF12C5CCB
                                                                                                                              SHA-512:B9FD37F01A58594E48FA566C41827B2B9499605D9E55C2178E83EE41C8C5F50A4DF2C85EFEA94CA586EA0EA4A6D984EBB7CA2193E9306FCB853B147B2C76BC2D
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18696
                                                                                                                              Entropy (8bit):6.993868508484722
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:aW1hWF5OZkum0GftpBjjNWm3S0ZlmTof1:JKoViqi1
                                                                                                                              MD5:49C3FFD47257DBCB67A6BE9EE112BA7F
                                                                                                                              SHA1:04669214375B25E2DC8A3635484E6EEB206BC4EB
                                                                                                                              SHA-256:322D963D2A2AEFD784E99697C59D494853D69BED8EFD4B445F59292930A6B165
                                                                                                                              SHA-512:BDA5E6C669B04AAED89538A982EF430CEF389237C6C1D670819A22B2A20BF3C22AEF5CB4E73EF7837CBBD89D870693899F97CB538122059C885F4B19B7860A98
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18696
                                                                                                                              Entropy (8bit):7.054510010549814
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:eVrW1hWbvm0GftpBjzH4m3S9gTlUK3dsl:eVuAViaB/6sl
                                                                                                                              MD5:BFFFA7117FD9B1622C66D949BAC3F1D7
                                                                                                                              SHA1:402B7B8F8DCFD321B1D12FC85A1EE5137A5569B2
                                                                                                                              SHA-256:1EA267A2E6284F17DD548C6F2285E19F7EDB15D6E737A55391140CE5CB95225E
                                                                                                                              SHA-512:B319CC7B436B1BE165CDF6FFCAB8A87FE29DE78F7E0B14C8F562BE160481FB5483289BD5956FDC1D8660DA7A3F86D8EEDE35C6CC2B7C3D4C852DECF4B2DCDB7F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18696
                                                                                                                              Entropy (8bit):6.998147659672995
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:yW1hWBJ9M7tOZk7Cjdks/nGfe4pBjSYj+a2W5RKTt3E2sVWQ4GWJ9xqZsqnajkZ9:yW1hW+5OZkum0GftpBjt7m3SlGlmToC
                                                                                                                              MD5:CCE27FF9B1E78B61955682788452F785
                                                                                                                              SHA1:A2E2A40CEA25EA4FD64B8DEAF4FBE4A2DB94107A
                                                                                                                              SHA-256:8EE2DE377A045C52BBB05087AE3C2F95576EDFB0C2767F40B13454F2D9F779DE
                                                                                                                              SHA-512:1FCEC1CD70426E3895C48598DFC359839D2B3F2B1E3E94314872A866540353460EC932BF3841E5AFE89AA4D6C6FAC768E21AE368D68C2BB15F65960F6F5D7D5B
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19208
                                                                                                                              Entropy (8bit):6.963329589517269
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:fZlgW1hWiR+49Cjdks/nGfe4pBjSYBPq+W5RKTt3E2sVWQ4GWDG2Oqnajd2si3TT:hlgW1hWP4wm0GftpBjVsm3STlM/
                                                                                                                              MD5:CDC266896E0DBE6C73542F6DEC19DE23
                                                                                                                              SHA1:B4310929CCB82DD3C3A779CAB68F1F9F368076F2
                                                                                                                              SHA-256:87A5C5475E9C26FABFEAD6802DAC8A62E2807E50E0D18C4BFADCB15EBF5BCBC0
                                                                                                                              SHA-512:79A29041699F41938174A6EC9797FAF8D6BF7764657D801CB3AF15C225F8EAB0135D59CFA627BD02DD7459F7B857D62299E4D082586CE690627EBDF1267EBB21
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18696
                                                                                                                              Entropy (8bit):7.00560797197583
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:CW1hWiRnedXACjdks/nGfe4pBjSYC6rSW5RKTt3E2sVWQ4GW+60yqnaj/6g6dqpl:CW1hW3XRm0GftpBjl7m3SOLltFpU2
                                                                                                                              MD5:39809CC5DABF769DA8871A91A8ED9E69
                                                                                                                              SHA1:F779CDEF9DED19402AA72958085213D6671CA572
                                                                                                                              SHA-256:5CD00FF4731691F81FF528C4B5A2E408548107EFC22CC6576048B0FDCE3DFBC9
                                                                                                                              SHA-512:83A8246839D28378C6F6951D7593DC98B6CAA6DBCA5FBD023B00B3B1A9EBA0597943838C508493533C2DE276C4D2F9107D890E1C9A493EE834351CFF5DFD2CAB
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19720
                                                                                                                              Entropy (8bit):6.969703170679177
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:KvuBL3BYW1hWp5OZkum0GftpBjPJm3SyAlJrqsK:FBL3BTioViH+ElK
                                                                                                                              MD5:5D5FAE1A17961D6EE37637F04FE99B8A
                                                                                                                              SHA1:47143A66B4A2E2BA019BF1FD07BCCA9CFB8BB117
                                                                                                                              SHA-256:8E01EB923FC453F927A7ECA1C8AA5643E43B360C76B648088F51B31488970AA0
                                                                                                                              SHA-512:9DB32EC8416320DCB28F874B4679D2D47A5AE56317FDC9D2D65EBB553F1D6345C3DD0024294A671A694337683DD4E77254595A9CDBFE115C80D0EF53516D46AA
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21256
                                                                                                                              Entropy (8bit):6.999439379402039
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:XOMw3zdp3bwjGjue9/0jCRrndb6kW1hW85OZkum0GftpBjcqEm3Shupl4aRGWa:XOMwBprwjGjue9/0jCRrndb0noVialbj
                                                                                                                              MD5:588BD2A8E0152E0918742C1A69038F1D
                                                                                                                              SHA1:9874398548891F6A08FC06437996F84EB7495783
                                                                                                                              SHA-256:A07CC878AB5595AACD4AB229A6794513F897BD7AD14BCEC353793379146B2094
                                                                                                                              SHA-512:32FFE64C697F94C4DB641AB3E20B0F522CF3EBA9863164F1F6271D2F32529250292A16BE95F32D852480BD1B59B8B0554C1E7FD7C7A336F56C048F4F56E4D62F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19208
                                                                                                                              Entropy (8bit):6.988263632360211
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:E8W1hWiEUcvHCjdks/nGfe4pBjSYY3iW5RKTt3E2sVWQ4GWRRhbOqnajd2si3Hv:E8W1hWXUQim0GftpBjMnm3So3ylMHv
                                                                                                                              MD5:6DEF20ED13972F3C3F08DBA8ECF3D6CC
                                                                                                                              SHA1:9C03356CF48112563BB845479F40BF27B293E95E
                                                                                                                              SHA-256:C2E887A17875D39099D662A42F58C120B9CC8A799AFD87A9E49ADF3FADDD2B68
                                                                                                                              SHA-512:5B4D2B1152BED14108DC58D358B1082E27DEFD1001D36CD72EC6F030A34D6CAF9B01C3C1DD8A9AC66D1937FCF86A6FE3469AC93B1E76D933A8F4B51C1F782F65
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18696
                                                                                                                              Entropy (8bit):7.058960418674579
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:eW1hWU5OZkum0GftpBjxKvm3SQTlUK3dsDT:1noVimvf6sDT
                                                                                                                              MD5:A056D4EEAAE37DEAB8333DCC4C910A93
                                                                                                                              SHA1:CB59F1FE73C17446EB196FC0DD7D944A0CD9D81F
                                                                                                                              SHA-256:593FA2AA2474508AD942BBAA0FDC9A1BADD81C85B0DFF1C43B90A47C23AD5FB7
                                                                                                                              SHA-512:C2F811994182EF51D0C011C19336179DA69357E5F284F787BCDB54F90C32768A959232A477534F7E62CD3D71A048A13E91B20042E2FE6AB108D606C7C8DF9255
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19720
                                                                                                                              Entropy (8bit):6.974766888869884
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:XnW1hWioe8Cjdks/nGfe4pBjSY6ydpW5RKTt3E2sVWQ4GWwvcUV2HPqnajkSXt7m:XnW1hWE1m0GftpBjZ4m3SZ7MvlJrU
                                                                                                                              MD5:F3B4AB35A65A8D938C6B60AD59BA6E7F
                                                                                                                              SHA1:2745259F4DBBEFBF6B570EE36D224ABDB18719BC
                                                                                                                              SHA-256:EA2972FEC12305825162AE3E1AE2B6C140E840BE0E7EBB51A7A77B7FEEDA133A
                                                                                                                              SHA-512:A88AFB66311494D6C15613C94555BA436CD2F75E11A49A448C9C6776DFBA24CDA25A44792A1E8B3E680C1AD3AD0574B43AC2328C6E41FF0832139C94B066DBF5
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20744
                                                                                                                              Entropy (8bit):6.990402551132059
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:gWXk1JzNcKSIXW1hWEXRm0GftpBj1U6m3SddlmTod4V:gbcKSbxViZx8
                                                                                                                              MD5:5FAF9A33BAB1D39DD9F820D34339B3D4
                                                                                                                              SHA1:50699041060D14576ED7BACBD44BE9AF80EB902A
                                                                                                                              SHA-256:A1221836731C7E52C42D5809CC02B17C5EC964601631EC15A84201F423DA4AC4
                                                                                                                              SHA-512:73C25D1338DF9AEE5211FBB0E1B14E6BD853E31746C63BC46F44810622B09D52EE39B8E8A57C655DA63D3D3D4025C2CBA4D8673893D022417A2032BA3D935061
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19208
                                                                                                                              Entropy (8bit):7.005927948691754
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:dtUDfIeFrW1hWC5OZkum0GftpBjVzm3Sx56lgCoha6LDF:dteFuJoVijz1HB
                                                                                                                              MD5:D699333637DB92D319661286DF7CC39E
                                                                                                                              SHA1:0BFFB9ED366853E7019452644D26E8E8F236241B
                                                                                                                              SHA-256:FE760614903E6D46A1BE508DCCB65CF6929D792A1DB2C365FC937F2A8A240504
                                                                                                                              SHA-512:6FA9FF0E45F803FAF3EB9908E810A492F6F971CB96D58C06F408980AB40CBA138B52D853AA0E3C68474053690DFAFA1817F4B4C8FB728D613696B6C516FA0F51
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18184
                                                                                                                              Entropy (8bit):7.078838863546672
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:D4VW1hWc2TVCEmCjdks/nGfe4pBjSfMesvMW5RKTt3E2sVWQ4iWJBJ9qnajuZDAu:DyW1hWTvm0GftpBjosv5m3SKlUK3dsl
                                                                                                                              MD5:7028CF6B6B609CB0E31ABD1F618E42D0
                                                                                                                              SHA1:E7E0B18A40A35BD8B0766AC72253DE827432E148
                                                                                                                              SHA-256:9E98B03A3CA1EBABDCEB7ED9C0CEB4912BB68EB68F3E0DF17F39C7A55FADA31D
                                                                                                                              SHA-512:D035CCFD0DE316E64187C18E6E5B36E14F615F872C08740EC22EF2C12D592E37D78AB154202926A56AB01D669EB5870DFF651280A882D6BF2A700C43DCD25AC2
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19208
                                                                                                                              Entropy (8bit):6.970973012980799
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:OGeVWW1hWixluZCCjdks/nGfe4pBjSYW5lW5RKTt3E2sVWQ4GWavOqnajd2si3n:OGeVWW1hWbFm0GftpBj/m3S6lMn
                                                                                                                              MD5:2166FB99DEBBB1B0649C4685CF630A4A
                                                                                                                              SHA1:24F37D46DFC0EF303EF04ABF9956241AF55D25C9
                                                                                                                              SHA-256:CDC4CFEBF9CBA85B0D3979BEFDB258C1F2CFCB79EDD00DA2DFBF389D080E4379
                                                                                                                              SHA-512:DE27D06B1F306110B42D0ED2642A555862D0ADE7E56E5F2908E399F140AA5F43904E08D690BCB0D2F4D11D799EC18FA682DB048DA57D99CD99891E45ADD86371
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18696
                                                                                                                              Entropy (8bit):7.023539681578989
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:eyMvxW1hWa3szm0GftpBjD0m3SojlD16huQf+:eyMvgZ8zViZ0sEG
                                                                                                                              MD5:B7CBC8D977A00A2574E110B01124ED40
                                                                                                                              SHA1:637E4A9946691F76E6DEB69BDC21C210921D6F07
                                                                                                                              SHA-256:854DB7D2085CAACF83D6616761D8BDCBACB54A06C9A9B171B1C1A15E7DC10908
                                                                                                                              SHA-512:B415EF4092FA62D39941BF529A2032BC8B591C54ED2050EA4730F198899F147539B2C0E97F3C4F14848C71066924C1848AE5F07779A1A47AB4C5E46F02BE7258
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20744
                                                                                                                              Entropy (8bit):6.945077946165594
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:vdv3V0dfpkXc0vVaRW1hWW5OZkum0GftpBjwRm3SklD16hpv:vdv3VqpkXc0vVaA9oVi67v
                                                                                                                              MD5:6961BF5622FFCD14C16FBFC1296950A4
                                                                                                                              SHA1:5584C189216A17228CCA6CD07037AAA9A8603241
                                                                                                                              SHA-256:50A1542D16B42ECB3EDC1EDD0881744171EA52F7155E5269AD39234F0EA691DE
                                                                                                                              SHA-512:A4D0C15ACBFF4E9140AE4264FA24BD4C65FB2D1052A0B37BF281498F3B641FEF563C18115511829A23340C9440F547028D36015BA38CBD51AD0744D44D5CCD87
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19208
                                                                                                                              Entropy (8bit):7.035970190329706
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:ntZ3mW1hWig+49Cjdks/nGfe4pBjSYS6XXL6bW5RKTt3E2sVWQ4GWUFsqnajkZtu:ntZ3mW1hWA4wm0GftpBjbLZm3SElmTop
                                                                                                                              MD5:47388F3966E732706054FE3D530ED0DC
                                                                                                                              SHA1:A9AEBBBB73B7B846B051325D7572F2398F5986EE
                                                                                                                              SHA-256:59C14541107F5F2B94BBF8686EFEE862D20114BCC9828D279DE7BF664D721132
                                                                                                                              SHA-512:CCE1FC5BCF0951B6A76D456249997B427735E874B650E5B50B3D278621BF99E39C4FC7FEE081330F20762F797BE1B1C048CB057967EC7699C9546657B3E248EE
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19720
                                                                                                                              Entropy (8bit):6.966818956285711
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:6dKIMF8XW1hWixu7jCjdks/nGfe4pBjSYmL8lW5RKTt3E2sVWQ4GWfO+psqnajkt:iZXW1hWxam0GftpBjxEm3SK2lmTo6N
                                                                                                                              MD5:DF50047BBD2CF3A4B0CF0567514B464C
                                                                                                                              SHA1:F20AE25484A1C1B43748A1F0C422F48F092AD2C1
                                                                                                                              SHA-256:8310D855398F83CB5B9CA3ADEB358DA1354557AEC5C82C8EF91A29F79A47F620
                                                                                                                              SHA-512:5C3BFC2CCB2EE864B99F6709677474327E85889F4C962EA0A1EF9E1E876DC88B1D8E8E0F6C1422F634FF1C84A861C34E52EE07DAC7FDDE505B508BEA80562B9F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19208
                                                                                                                              Entropy (8bit):7.033308637681508
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:bW1hWipu7jCjdks/nGfe4pBjSYpGQjW5RKTt3E2sVWQ4GWqsegPBOqnajd2si3Ed:bW1hWJam0GftpBjEm3SPZlMELmA
                                                                                                                              MD5:F62B66F451F2DAA8410AD62D453FA0A2
                                                                                                                              SHA1:4BF13DB65943E708690D6256D7DDD421CC1CC72B
                                                                                                                              SHA-256:48EB5B52227B6FB5BE70CB34009C8DA68356B62F3E707DB56AF957338BA82720
                                                                                                                              SHA-512:D64C2A72ADF40BD451341552E7E6958779DE3054B0CF676B876C3BA7B86147AECBA051AC08ADC0C3BFB2779109F87DCA706C43DE3CE36E05AF0DDEE02BBBF419
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18696
                                                                                                                              Entropy (8bit):6.988420393814923
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:k5GW1hWiHu7jCjdks/nGfe4pBjSY4QUzzeW5RKTt3E2sVWQ4GWpmBPqnajkSXt7l:k5GW1hWDam0GftpBjqzzTm3ST9lJr/
                                                                                                                              MD5:A1952875628359A0632BE61BA4727684
                                                                                                                              SHA1:1E1A5AB47E4C2B3C32C81690B94954B7612BB493
                                                                                                                              SHA-256:A41BEDE183FA1C70318332D6BC54EF13817AEEE6D52B3AB408F95FA532B809F1
                                                                                                                              SHA-512:3F86180CC085DC8C9F6D3C72F5CCC0F5A0C9048343EDAF62239EB4B038799845388898408ED7E8EAC5D015A9BC42FF428F74585F64F5D3467DDDB1303BAF4F03
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19720
                                                                                                                              Entropy (8bit):6.99002101391893
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:J1W1hWA5OZkum0GftpBjNuCm3Sbsl4aRGWDk:JM7oViKCPpt
                                                                                                                              MD5:6C88D0006CF852F2D8462DFA4E9CA8D1
                                                                                                                              SHA1:49002B58CB0DF2EE8D868DEC335133CF225657DF
                                                                                                                              SHA-256:D5960C7356E8AB97D0AD77738E18C80433DA277671A6E89A943C7F7257FF3663
                                                                                                                              SHA-512:D081843374A43D2E9B33904D4334D49383DF04EE7143A8B49600841ECE844EFF4E8E36B4B5966737AC931ED0350F202270E043F7003BF2748C5418D5E21C2A27
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22792
                                                                                                                              Entropy (8bit):6.834980539632574
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:VpdkKBcyhW1hWBeI2WksSrCjdks/nGfe4pBjSYs//rvvW5RKTt3E2sVWQ4GWdziZ:/uyhW1hWk3szm0GftpBjsum3SiclPXOA
                                                                                                                              MD5:D53637EAB49FE1FE1BD45D12F8E69C1F
                                                                                                                              SHA1:C84E41FDCC4CA89A76AE683CB390A9B86500D3CA
                                                                                                                              SHA-256:83678F181F46FE77F8AFE08BFC48AEBB0B4154AD45B2EFE9BFADC907313F6087
                                                                                                                              SHA-512:94D43DA0E2035220E38E4022C429A9C049D6A355A9CB4695AD4E0E01D6583530917F3B785EA6CD2592FDD7B280B9DF95946243E395A60DC58EC0C94627832AEB
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19208
                                                                                                                              Entropy (8bit):6.968498181647119
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:sfW1hWiQcvHCjdks/nGfe4pBjSY6Na3sAW5RKTt3E2sVWQ4GWIjcyqnaj/6g6dqd:sfW1hWPQim0GftpBjzim3StltFpn
                                                                                                                              MD5:C712515D052A385991D30B9C6AFC767F
                                                                                                                              SHA1:9A4818897251CACB7FE1C6FE1BE3E854985186AD
                                                                                                                              SHA-256:F7C6C7EA22EDD2F8BD07AA5B33CBCE862EF1DCDC2226EB130E0018E02FF91DC1
                                                                                                                              SHA-512:B7D1E22A169C3869AA7C7C749925A031E8BDD94C2531C6FFE9DAE3B3CD9A2EE1409CA26824C4E720BE859DE3D4B2AF637DD60308C023B4774D47AFE13284DCD2
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20744
                                                                                                                              Entropy (8bit):6.988912266221658
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:Mq6nWm5CZW1hW6am0GftpBjToIm3S7ltFps:R6nWm5CIcViCIk
                                                                                                                              MD5:F0D507DE92851A8C0404AC78C383C5CD
                                                                                                                              SHA1:78FA03C89EA12FF93FA499C38673039CC2D55D40
                                                                                                                              SHA-256:610332203D29AB218359E291401BF091BB1DB1A6D7ED98AB9A7A9942384B8E27
                                                                                                                              SHA-512:A65C9129EE07864F568C651800F6366BCA5313BA400814792B5CC9AA769C057F357B5055988C414E88A6CD87186B6746724A43848F96A389A13E347EF5064551
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19720
                                                                                                                              Entropy (8bit):6.948901824610626
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:0Y3eBW1hWeXRm0GftpBjI6xIm3S006lD16hU:EQzVi66xI+
                                                                                                                              MD5:F9E20DD3B07766307FCCF463AB26E3CA
                                                                                                                              SHA1:60B4CF246C5F414FC1CD12F506C41A1043D473EE
                                                                                                                              SHA-256:AF47AEBE065AF2F045A19F20EC7E54A6E73C0C3E9A5108A63095A7232B75381A
                                                                                                                              SHA-512:13C43EEE9C93C9F252087CB397FF2D6B087B1DC92A47BA5493297F080E91B7C39EE5665D6BDC1A80E7320E2B085541FC798A3469B1F249B05DEE26BBBB6AB706
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19208
                                                                                                                              Entropy (8bit):7.029158368882181
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:eW1hWmL+49Cjdks/nGfe4pBjSbRIdnV7IGW5RKTt3E2sVWQ4OWVZsqnajkZtTT2N:eW1hWJ4wm0GftpBjpnVMLm3SDlmToDr
                                                                                                                              MD5:AB206F2943977256CA3A59E5961E3A4F
                                                                                                                              SHA1:9C1DF49A8DBDC8496AC6057F886F5C17B2C39E3E
                                                                                                                              SHA-256:B3B6EE98ACA14CF5BC9F3BC7897BC23934BF85FC4BC25B7506FE4CD9A767047A
                                                                                                                              SHA-512:BACCC304B091A087B2300C10F6D18BE414ABB4C1575274C327104AABB5FDF975BA26A86E423FDA6BEFB5D7564EFFAC0C138EB1BAD2D2E226131E4963C7AAC5BD
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):27912
                                                                                                                              Entropy (8bit):6.630573984882858
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:SQUbM4Oe59Ckb1hgmLNW1hWzXRm0GftpBjDm3SBulJr6:SRMq59Bb1jEAViFla2
                                                                                                                              MD5:4DD7A61590D07500704E7E775255CB00
                                                                                                                              SHA1:8B35EC4676BD96C2C4508DC5F98CA471B22DEED7
                                                                                                                              SHA-256:A25D0654DEB0CEA1AEF189BA2174D0F13BDF52F098D3A9EC36D15E4BFB30C499
                                                                                                                              SHA-512:1086801260624CF395BF971C9FD671ABDDCD441CCC6A6EAC55F277CCFBAB752C82CB1709C8140DE7B4B977397A31DA6C9C8B693AE92264EB23960C8B1E0993BD
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26888
                                                                                                                              Entropy (8bit):6.6336781806240035
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:my+Kr6aLPmIHJI6/CpG3t2G3t4odXLNW1hWOQim0GftpBjk8Cm3SqlM7:mZKrZPmIHJI6aDfVim8Cr
                                                                                                                              MD5:4E033CFEE32EDF6BE7847E80A5114894
                                                                                                                              SHA1:91EEF52C557AEFD0FDE27E8DF4E3C3B7F99862F2
                                                                                                                              SHA-256:DFF24441DF89A02DDE1CD984E4D3820845BAFDFF105458ED10D510126117115B
                                                                                                                              SHA-512:E1F3D98959D68EF3D7E86AC4CB3DBDF92A34FCFD1BF0E0DB45DB66C65AF0162AB02926DC5D98C6FC4A759A6010026EE26A9021C67C0190DA941A04B783055318
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19720
                                                                                                                              Entropy (8bit):6.972767516542363
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:wKwW1hWe0sngm0GftpBjaxm3S+crlndaVrQOpt:RVngVik5W
                                                                                                                              MD5:595D79870970565BE93DB076AFBE73B5
                                                                                                                              SHA1:EC96F7BEEAEC14D3B6C437B97B4A18A365534B9B
                                                                                                                              SHA-256:FC50A37ACC35345C99344042D7212A4AE88AA52A894CDA3DCB9F6DB46D852558
                                                                                                                              SHA-512:152849840A584737858FC5E15F0D7802786E823A13EC5A9FC30EE032C7681DEAF11C93A8CFFEAD82DC5F73F0CD6F517F1E83B56D61D0E770CBB20E1CFFF22840
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):23304
                                                                                                                              Entropy (8bit):6.842580906884736
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:VtYr7zW1hW+Qim0GftpBjOIzpm3Sel4aRGWN:Vmr7W3fVigqpHi
                                                                                                                              MD5:8B9B0D1C8B0E9D4B576D42C66980977A
                                                                                                                              SHA1:A19ACEFA3F95D1B565650FDBC40EF98C793358E9
                                                                                                                              SHA-256:371A44AB91614A8C26D159BEB872A7B43F569CB5FAC8ADA99ACE98F264A3B503
                                                                                                                              SHA-512:4B1C5730A17118B7065FADA3B36944FE4E0260F77676B84453EE5042F6F952A51FD99DEBCA835066A6D5A61BA1C5E17247551340DD02D777A44BC1CAE84E6B5F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):24840
                                                                                                                              Entropy (8bit):6.792113276202437
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:cZpFVhHW1hWdam0GftpBjFufm3SOFl4aRGWs:goNViuz/
                                                                                                                              MD5:76E0A89C91A28CF7657779D998E679E5
                                                                                                                              SHA1:982B5DA1C1F5B9D74AF6243885BCBA605D54DF8C
                                                                                                                              SHA-256:0189CBD84DEA035763A7E52225E0F1A7DCEC402734885413ADD324BFFE688577
                                                                                                                              SHA-512:D75D8798EA3C23B3998E8C3F19D0243A0C3A3262CFFD8BCEE0F0F0B75F0E990C9CE6644150D458E5702A8AA51B202734F7A9161E795F8121F061139AD2EA454F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):24840
                                                                                                                              Entropy (8bit):6.781450882014829
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:L6S5yguNvZ5VQgx3SbwA71IkFhIFViahxeX:Ll5yguNvZ5VQgx3SbwA71I6yVNfy
                                                                                                                              MD5:96DA689947C6E215A009B9C1ECA5AEC2
                                                                                                                              SHA1:7F389E6F2D6E5BEB2A3BAF622A0C0EA24BC4DE60
                                                                                                                              SHA-256:885309EB86DCCD8E234BA05E13FE0BF59AB3DB388EBFBF6B4FD6162D8E287E82
                                                                                                                              SHA-512:8E86FA66A939FF3274C2147463899DF575030A575C8F01573C554B760A53B339127D0D967C8CF1D315428E16E470FA1CC9C2150BB40E9B980D4EBF32E226EE89
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21256
                                                                                                                              Entropy (8bit):6.916930865406901
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:nUW1hW23szm0GftpBjHCm3SVZkl4aRGWe:3N8zVipCxZxz
                                                                                                                              MD5:6B33B34888CCECCA636971FBEA5E3DE0
                                                                                                                              SHA1:EE815A158BAACB357D9E074C0755B6F6C286B625
                                                                                                                              SHA-256:00AC02D39B7B16406850E02CA4A6101F45D6F7B4397CC9E069F2CE800B8500B9
                                                                                                                              SHA-512:F52A2141F34F93B45B90EB3BBCDB64871741F2BD5FED22EAAF35E90661E8A59EBA7878524E30646206FC73920A188C070A38DA9245E888C52D25E36980B35165
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19208
                                                                                                                              Entropy (8bit):7.018564704523169
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:RfVW1hWfFm0GftpBjaDRm3SY6vlgCohaQ:RfsQViklwHj
                                                                                                                              MD5:54F27114EB0FDA1588362BB6B5567979
                                                                                                                              SHA1:EAA07829D012206AC55FB1AF5CC6A35F341D22BE
                                                                                                                              SHA-256:984306A3547BE2F48483D68D0466B21DDA9DB4BE304BEDC9FFDB953C26CAC5A1
                                                                                                                              SHA-512:18D2BDCE558655F2088918241EFDF9297DFE4A14A5D8D9C5BE539334AE26A933B35543C9071CEDADA5A1BB7C2B20238E9D012E64EB5BBF24D0F6B0B726C0329D
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):778058
                                                                                                                              Entropy (8bit):5.519353911241615
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:NzGHcTnh3Zhn1DCqKeTryTosQNRs54PK4IOtB1FVi+Z7f6ED9OA2LYVLx0:FGHc8TosQNRs54PK4IOPVi+Z7f6ED9Vm
                                                                                                                              MD5:315404F3AB6B0B556C39B6D16A35862B
                                                                                                                              SHA1:0B79B6BDBDFC16BCCC63A42F3D37BA3F90B174B8
                                                                                                                              SHA-256:E38234C9BBB5A65B3327F6469A969A50E91DF3A127FC7744F9EE1437AC5FD163
                                                                                                                              SHA-512:04229C445EE5B1E70B807ED57F0E804DBD12892FFBF7E5E053F464BBC0BF9903CA47EEB33A7AA81031484C9EBF2D7F305A0741FC68AC5E2ECE0F7EF395143AC1
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3418112
                                                                                                                              Entropy (8bit):6.098119032866237
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:98304:wT+8Nd1q7F3aLOw8+CzCO1CPwDv3uFfJvcA:ybNd1q7FqLQ+CzCO1CPwDv3uFfJv
                                                                                                                              MD5:947A5A5D5DB41D8BB10F51AD3C9D7915
                                                                                                                              SHA1:68B196E55F8C0757F7BA92A0EDF4930C9188C9A5
                                                                                                                              SHA-256:1E31F353F9A68C7398212F62F463943B043790ECF868004A7B48413D541F0855
                                                                                                                              SHA-512:F21BC201419B3718DC05EEB51F26758EBABCEB1CBF6A0B5BF802DBD151DDAD12FEF4C6DCED43A15F51BBCE48776E241EB9A1D7FA09A7A5DB97FA63A4A0853A2B
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):34522650
                                                                                                                              Entropy (8bit):6.339261413106508
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:196608:a9sVdH4N8LpmPcp58QEQsBNtECsNKG+oroM8UrQgZ51oxFrA/cBflN1uVUrGcmbF:aIU6RmfvkWY
                                                                                                                              MD5:03FA95071F4CF806E29C3E885F036F72
                                                                                                                              SHA1:8BA6C2A0C973AB1DF982B984DDB174B848D4B2AE
                                                                                                                              SHA-256:6150B5F2FAB6CE3FA873E9B575DDEC483CEB6BD08B0DD4232DB0441784FF409A
                                                                                                                              SHA-512:426FE75C1B9A5F8F7523C268BA2BF869D1F78085E909DBACCA535A6EE827A0C5A6B2C136A7DB99B752BD6C8B12E04651F9362B9249D91EBD35BB226025C956FF
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):683520
                                                                                                                              Entropy (8bit):5.496102937385428
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:G5sTa/5QsT9P6tvzJbsgClRubEGYi2k700Zn+1DbXSdLTAMYmeU2lvz:A5HStvzJdv00ZKPAkYeU2lvz
                                                                                                                              MD5:5CA29DC1E107A175B5952C7CB63B643F
                                                                                                                              SHA1:5A961515CC01A56D92D278AF2DDEE3D58D8F98A4
                                                                                                                              SHA-256:96FCF0476318C33B5D3D873D906416085CB988CE937927FEC6BD4DF3630ACECD
                                                                                                                              SHA-512:3DAFD633AF5BEBEEC273E76EF0D5DDC400A6BE0D504AC20D3E5FD821299A437593F02FA6CCA87E1F15AAE7993F99B34AFFA5AB712B860A1006898EF838201DB9
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):6065952
                                                                                                                              Entropy (8bit):6.6463891622960976
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:Z+Uw5pDgPAnxE5I0UEjmCfK+KvqvH+K26AnLzYJMKDBONlPElQPcukuSwIbFLOAB:wc1AnqGnEuoFLOAkGkzdnEVomFHKnPg
                                                                                                                              MD5:639DB7FE67E2E15D069A62C0EF4A971C
                                                                                                                              SHA1:BDBF2517678F9066C4553E6FDACE0A366929185C
                                                                                                                              SHA-256:760308CF8BEDAEBC4500049622D08DDCACA0024ACBD3B6BDCA1618EC48A91597
                                                                                                                              SHA-512:83CD3E89DDAC3915686BCEEC25654F0A35FE66A1C27D95BCFD3B44BDC01DED0DF9BEB525E0604522F61D58183546AF63FFDD60F90E5BFFD648774169832D2335
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):113664
                                                                                                                              Entropy (8bit):6.250235708072935
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:v/+iw0V0PgnvasZNum6oUG4Xg8WPylH/j1zxU1Dk:0gnvasZ6W4Xg8LH/j1zK1
                                                                                                                              MD5:D4CF214F95D18FA8A0A83AA270A5E684
                                                                                                                              SHA1:FD8F152543017CF39EEE565672B6D13070B3A1F4
                                                                                                                              SHA-256:6F626B0A096931AF4061F8564A14389891CBCC4AF18E5D58DA324C8D5F7ACE13
                                                                                                                              SHA-512:CC4A2800259855DB53CFD609C8B353FA687D2FC3C5C9AF665E9CD225F8FE50A6E8F31685753D7CF8A2D97F1DA11CC8D83CEF97D2F030F63BD17E5869EBF86E5E
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2946560
                                                                                                                              Entropy (8bit):6.549118738852757
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:bgPdwtSPxw2hTuCUY0FexPUTTXsw4+zJ2CwXCnoX:UAFeg+X
                                                                                                                              MD5:77ECE99350F61525EC2F3744730EBF12
                                                                                                                              SHA1:FCFB5E34DF3D4B55C76A2E455A453FDAB1E744D9
                                                                                                                              SHA-256:BB3B74FF8F180CC8E59DCDB3CF9953DA1594594EFF241CCA8BDDA066C6E65447
                                                                                                                              SHA-512:2CB0D48A4A44B9A7AEF3E0F7D91BA9E52472EB5FC8698CAE620B6751BA140FB0860A289F70E4369A37B63C3B1E8D5C38F0349BD812ED272BA4EAE854900B46D6
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):112640
                                                                                                                              Entropy (8bit):6.177377508523073
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:RAP0iIoEsbAqVXfPkZpQd47ryh8J+s6dq+b6IDaY+Y:yP0SbAukZpQd47GK+HbF8
                                                                                                                              MD5:FAA8804F0ABD1688113BB39A90F21452
                                                                                                                              SHA1:7F6260FA32B7B73317EB297675C53ED24FF6883B
                                                                                                                              SHA-256:7ADD16F3D1692B6AC9150A5464012FF500FEB4A904918DA8F1BB156B97F71AEE
                                                                                                                              SHA-512:3552D4B79E608EE81ABA61588AB6B1F9A8AF60DA251EE30DF1775E6A818A5EA38F90C37E68A0A82618A95045DDF006B6B01D4B8B634684B0084CBE4157B5CD13
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):155648
                                                                                                                              Entropy (8bit):6.411271331624487
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:ciQQt1CqORMXgxF9P5akP02MviVq17unjybijc+tvgr+ey4SmjzE3B5ChAst:cijtcOXgxEkM28iVq17uwNbWB5q
                                                                                                                              MD5:A9D52CA5A4162D5DDFD21BD593B1B505
                                                                                                                              SHA1:7CEEE9F3C317AC639D489E5FD6E479B9E7BBAFF6
                                                                                                                              SHA-256:9284602E57C48E7787E8B333AD5B8003DBA3B0B3CBFEA1D8CE859FF64F5D32DD
                                                                                                                              SHA-512:2608F47F2433F83E89F6E30AB5CC23894315D08F0F8A5F61A819632DB889B3AB32F2E8374AECFE9BAF9DE04730D205B54A4124E8320DC186A44EB62E9814671B
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21504
                                                                                                                              Entropy (8bit):5.530449799253143
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:rFhVUSXcPqAEqjxkcHfl7mxrAnvx0cMYmhw:3VU2cPXjxD0Snv4Ymh
                                                                                                                              MD5:CA7D0F7EB79ABBF55AC4FB7777A5DE48
                                                                                                                              SHA1:7788ED70D758620875FD5103B266BCABF569F5FA
                                                                                                                              SHA-256:AF88AE69381205E774A3BD5DF64F6F7D5194FF28DCC6CB0C7EA4F4CB86CB71F1
                                                                                                                              SHA-512:C77FF4128486A39F061267599E7D9DC6C8A3E44BB04C8C8BDD1EAF26492C8D3C14220D7E96E744603E9553701A927891801E8F8B2CE76ECE044FC06CF0586240
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):244736
                                                                                                                              Entropy (8bit):6.488006874629786
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:Cvh/FVlI/3vKX6JwlWwa2sidMYNjwT+b:W/lI/3vw6Jwl8WdMSjw
                                                                                                                              MD5:E190B2F0A03B62C4494A3D5FE1AAC43C
                                                                                                                              SHA1:B7BF86409CF244D626F425B2AECF417936F85224
                                                                                                                              SHA-256:9A5991CD9927E684EDF7092DC8EDCD3DFFAAB4AFB0E77510D20D8A3E247FB527
                                                                                                                              SHA-512:2E4E6E8AAA5A2A5517786CA650DD1CC6A3F10F56E10200A5640DC511A8F60FF0D8D28C870E4D92E0AF54CA61985F0E5CECAC9E6C5442B37BF2BED9413C1D6830
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):181248
                                                                                                                              Entropy (8bit):6.146883652227752
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:U9U80Q7KQFrB6H8lT9dH0QiSHWQDnBYJ4hN6xxd/ShcPx6aIQD8bbIFy8Xp/RDXf:U9XCoBjH0Qx26xXx01v8QFyGLXyTPC/
                                                                                                                              MD5:7FBCCFE5D8D0EFDD64DF471D95379D32
                                                                                                                              SHA1:88173758CFD175872D72D07A89739ED99652C334
                                                                                                                              SHA-256:813D26D1EBC22F09990605EA8722AADD89059C1FAAC5C57C409D60FCA6F31F99
                                                                                                                              SHA-512:AED109B8DD6A6C1C77008160AD06A7859206101B0BB86C59CE9C5EAC0ED32E567B42A8E85D10E18F7CB56E4748092B5A7C46FF9793489D5E9F0A45DA8D8A84B5
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):685568
                                                                                                                              Entropy (8bit):6.32293542631095
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:ZIF5wUCcF3Dgu7AdFFkjwKWxLPHail2EsZ8YE:Zm5w/ecdFuPWN3l+F
                                                                                                                              MD5:C09FE6A8D61D9562217CF462F5B71ADF
                                                                                                                              SHA1:87E3FDCE8403300C41F9EFAFE60C4DBB448C9879
                                                                                                                              SHA-256:AD5198A4F9DE8B06D383D224690D340B6DF045932422503FFB1DFCAF94E5717B
                                                                                                                              SHA-512:A14930808D25293EE10FE315C127C0A734C85B6BA6DF39ED1E8E43F949A9AD6EE0A7296D11D8CD4387E93144297CE42C9C0DE7A5CD22D157F135AC30713DBD2F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):78848
                                                                                                                              Entropy (8bit):6.151327008965079
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:5SANQm22vwokQEbkzXNKvBwrWPgmdm8j0DMg:5P07Q+AXNKvBw80D
                                                                                                                              MD5:1170A7A9DECA4654A6AD49CF743C833C
                                                                                                                              SHA1:E6AD2C078DB7A424E2518D339E045472E65DA811
                                                                                                                              SHA-256:44B70A62C982313796D953161003983AF0F50C5FC857693109A45FD73493F78C
                                                                                                                              SHA-512:6155D625F26069C7A3C14024A70BD25D35E8E27951A4485719B3ACACD705B5FDB3D16C70A66A37F57DA58EA20430A8C82DABCF9F1D6F69F29ADC660B1B88EDC6
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):86528
                                                                                                                              Entropy (8bit):6.0615639530310705
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:nS42rXFd589cE5ZW2QDAeo+YetOWtaiKKB:nkrkcOZWRDzjYecKB
                                                                                                                              MD5:8C6785195F3CB087A942A8DD837191AD
                                                                                                                              SHA1:B92E7C70670D42CE610310273006060ED4D9BAAD
                                                                                                                              SHA-256:F989CC798C340F501EC623D479D903542CDDD4DD67DDF434EF6857CD7F33D6F4
                                                                                                                              SHA-512:BF25180EE3468717C2E237524654357339E440FABDA39F10D44D97006ECB554AA768F874BEA7CE4D71848734986BC74650E5B2D6C8A49861EF72656C21D1A946
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):71680
                                                                                                                              Entropy (8bit):5.97787981699014
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:KFHe6mwm4fnb2tdbVDYIPhNVrnOxZnesDmsHSATjxVBpzRHAydpOhiqiwenJ4jh7:NNwmTtV8I5NVwjTmYJ4jhoiX0Pj9UH
                                                                                                                              MD5:C1AF3FC9F8A115EC40629421C73A3DC9
                                                                                                                              SHA1:01EBB63307368CCFE9918C57E5873E588AA0CCBE
                                                                                                                              SHA-256:F7D92F34678DEBECBA0E670D689548C20D955D42724DEDB304BD6F6F2F2F8CC5
                                                                                                                              SHA-512:C168349D8280FCF0A890AC8E0A82D1285466A0DE5CDA9CD6AE7E44C08EFD4FFEEBD76C906781DFB291507ECA70E1527B3CA6A670A090AEDF0671D9604392C12E
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):53760
                                                                                                                              Entropy (8bit):5.874633292241952
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:wY4ISkigCozfghB5Xzv74ZMPhuhqUUq799voS2x9/nJ18KHbP9Jr2cIrBobacPJx:sHkigfgh3v4cxDfScbWagO
                                                                                                                              MD5:BA08EDB3F589DF02716E3A55E3A6AA32
                                                                                                                              SHA1:95228862BA0164B2BA1B9FCE37E0EB62B8975DAE
                                                                                                                              SHA-256:3B8142CB061F6B002DD5DEAAA1D3203BF15E186E0DD55C38844C5C881D0A96E9
                                                                                                                              SHA-512:CFF2A738D64F9389F1C34700D49822B0696F78EBD1852D239D74C561034588F6CE206D7062BD04850930E8F690C6EF8CFE79F80A45D0374AD4226348F8875C06
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):151552
                                                                                                                              Entropy (8bit):6.111095861468274
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:/JDE6S4pI8I8Oe/jw5CATq5Yocuq2+Warahk+4hgDPSSdF+Sx2+WarahYe0Efqx3:B/Se3I8O8FATqxcL2+Warahk+RdF+Sxg
                                                                                                                              MD5:5E01A4F7A276434377CA81F7ECE2D544
                                                                                                                              SHA1:79F914504411CC347C524327ADE5B4FA6DEA308B
                                                                                                                              SHA-256:D4A6986E23F5EB20488C43A57A13BBAB1EBB0C52D720E70DD624642DA6EB5EB7
                                                                                                                              SHA-512:F06309F142451B62846D242F982A9E9EA6ABBED859B38602E5DBAED43A0998D7279B1434D9F1340BB9BA023661CB24CC196A2F4E23180B721FA87CCA276A7533
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):584704
                                                                                                                              Entropy (8bit):6.223503960680633
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:uDVjLr3Nbuf5bB8HPEn+pXSBSHISqwoSeWkSOKTSRS9SxeSqSWSJSTSOS5S1SgSm:uD5KB8HvL+TOenHV/DP+sET
                                                                                                                              MD5:60266EEAA1D791F013007B47B95DC650
                                                                                                                              SHA1:04E0A79976FA0BFACDAC777EF171CE52B4A5A0F8
                                                                                                                              SHA-256:B57BED4860416D9B2F67058AE6E210EBF76D49A63C771EA04A20297E01FD38F6
                                                                                                                              SHA-512:A610988B508322439110C8E9C72E771C44B18A7A18DF6BE06D5EA0FBF5E6754B9A14B5BC032E32567ABCD343207BBC9AFC9DF807667F800079AEA24CFAFA7E80
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):192000
                                                                                                                              Entropy (8bit):6.2542865144457735
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:/c/un825oz9YwWifUwuEaIRMrq3inIkhBIfsyLdKwvvV5XtyC/3IJVh:Ew75zw0w/JMrg+OsyLdl5dH
                                                                                                                              MD5:5DEFB41F10CD65540DF87B520ADEC750
                                                                                                                              SHA1:2870C497F7F3F99DE2B042AE6F528EECCE693ADF
                                                                                                                              SHA-256:EBA363E693D2F0F3C1D4BA9ABD481D4762BF9272B83C2CE223738FD868456F4C
                                                                                                                              SHA-512:615091B135C30BD9DFB10CE9F680D2E58973179D06B985291467901891186DC6FEB44EC8468DA09BFE6D010F9D24DB9209A899476C8BA9619F59751738C93493
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:Python script, Non-ISO extended-ASCII text executable
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2088814
                                                                                                                              Entropy (8bit):5.390240992955731
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:EnRYHcRIrwRuRiPmgdo/+lR9RuRiPmado/+lRcATxKCwtikpAEY9QfI:ORYHcRILATxKCwtikpAEY9QfI
                                                                                                                              MD5:90E12A880155169265874A7C6E752331
                                                                                                                              SHA1:5301F51E01CE0E1499E7D15BED6D54BC95A10C1A
                                                                                                                              SHA-256:D731617E9A95065375A7D6A0F2CD4B6981FAF67F8D5E1DB6ADD361AFD57BDFD1
                                                                                                                              SHA-512:D352EDDD60B301C6201C115D02DA526F50B8318EB0B184D3891AF6729892BC8EC854253E9B5B02D92547794E46844CAF88E5DDE7406182099E6270B2EF12C91D
                                                                                                                              Malicious:false
                                                                                                                              Preview:# -*- coding: mbcs -*-.# Created by makepy.py version 0.5.01.# By python version 3.7.6 (default, Jan 8 2020, 20:23:39) [MSC v.1916 64 bit (AMD64)].# From type library 'femap.tlb'.# On Tue Aug 8 11:38:44 2023.'Simcenter. Femap. v2306.0 Type Library'.makepy_version = '0.5.01'.python_version = 0x30706f0..import win32com.client.CLSIDToClass, pythoncom, pywintypes.import win32com.client.util.from pywintypes import IID.from win32com.client import Dispatch..# The following 3 lines may need tweaking for the particular server.# Candidates are pythoncom.Missing, .Empty and .ArgNotFound.defaultNamedOptArg=pythoncom.Empty.defaultNamedNotOptArg=pythoncom.Empty.defaultUnnamedArg=pythoncom.Empty..CLSID = IID('{08F336B3-E668-11D4-9441-001083FFF11C}').MajorVersion = 23.MinorVersion = 20.LibraryFlags = 8.LCID = 0x0..class constants:..CTRLDEF_BLANK =0 # from enum CTRLDEF..CTRLDEF_MILDLY =2 # from enum CTRLDEF..CTRLDEF_QLINEAR =1 #
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2222126
                                                                                                                              Entropy (8bit):5.395838412567931
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:fvZDizfV9VhMtNFZ1cag4HUFz4RMQoBh+wYr/WIMSt2Jwi63sub:nhizfDM31g4HSMed+wMeI2wXVb
                                                                                                                              MD5:5C88FE0414DC002C578BEC9EC47FE884
                                                                                                                              SHA1:ADFD1BE52AEEBD92C0149A9052510996776FE77B
                                                                                                                              SHA-256:43F3AB9FB604C61DBA6E0812147D953A6FB72F2E634FB6D8AE5940DDAF4ED5ED
                                                                                                                              SHA-512:95A37A14870C8F659E77BECD6C9065C2C9EB2F203E0FA503197F649E04DC575718254732EB368DFC3CD2702A4056E0FF59AB7887EDD42734D2E869AA976CE7D7
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:python 3.7 byte-compiled
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1891954
                                                                                                                              Entropy (8bit):5.09681858802905
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:GvjuyBUYn1X51mZNcwOb7IsFhYsyF4WKZqDomUTnqR:6jtUY1X51CNvObEsF+F4WKaG+
                                                                                                                              MD5:CCF9273218813B5692760E6AC790F0CD
                                                                                                                              SHA1:CEA8CE175B7A045F21CFD75D290E621C39EA97CC
                                                                                                                              SHA-256:F8D050DF708FE1C5B8F9DC7920A44172413A0920B9D68BBD6BDCC8751B9CB43B
                                                                                                                              SHA-512:CF996A0551430F57FF4ED87DC27B22F1A5212B30ED5D7ADE3B481F2BB241A6BD0289ADA28D367FBAABDFB1219C4720E3A00A49AFFB4F1A1B41EC9AD668C3496C
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:Python script, ASCII text executable
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):133
                                                                                                                              Entropy (8bit):4.962322257742899
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:JSnIcN1MoVKBeAIpSTFYkOAuUaArXIoBp+Zk1XWD2pHLwjEMLNMn:kl1rVQfIiie4mp+adW0HLaNMn
                                                                                                                              MD5:0D6885BC28CFE51ED817FFAE72AB214E
                                                                                                                              SHA1:A64018BE1D7075606536401DEA8044152F21991C
                                                                                                                              SHA-256:46F4F91D9B10F076F22017385EF6335A67460C336828F03D4CD7B257D65D553B
                                                                                                                              SHA-512:598CD8C2B156A96A0A5738A60BFA3FC7AB79AF0880738E0DED48D2AFDCBBB85DBD18AFBD72C45AF487EADC0C76CA90A06C73E9A04F0017007869871B69BDB718
                                                                                                                              Malicious:false
                                                                                                                              Preview:import sys.from win32com.client import makepy.sys.argv = ["makepy", "-o Pyfemap.py", r"C:\Siemens\FEMAP2306\femap.tlb"].makepy.main()
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:Python script, ASCII text executable
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1316632
                                                                                                                              Entropy (8bit):5.37237398159939
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:qWg7RYHcRImDF+GYMcfDwrPqwAUCwt/+eg1mhAs5Pk9IBwTj9QFdBU0y+z8WTG:qdRYHcRImlAUCwt/+/9QRu
                                                                                                                              MD5:149647F32C6E9B1527ABC6DFA271F980
                                                                                                                              SHA1:1A0BF3DA6BBB007EF5DD70E359C919E1CE7A63C2
                                                                                                                              SHA-256:33F94A7AEC787F8237157F947B27A06DBE31DB5DCFEE06DBE4D0D5116558D2C5
                                                                                                                              SHA-512:9FF955BF85AC381E3588C223F8DAAE74002D40AD49EE33DCB3F900EBB4E6CB72CA9F2553E9E53FA55258E5B17C7E4A0FEB03890ACB8E716DC51E90BED79B4725
                                                                                                                              Malicious:false
                                                                                                                              Preview:# -*- coding: mbcs -*-.# Created by makepy.py version 0.5.00.# By python version 2.6.6 (r266:84297, Aug 24 2010, 18:46:32) [MSC v.1500 32 bit (Intel)].# From type library 'femap.tlb'.# On Mon Dec 12 16:59:55 2016."""Femap v11.3.1 Type Library""".makepy_version = '0.5.00'.python_version = 0x20606f0..import win32com.client.CLSIDToClass, pythoncom, pywintypes.import win32com.client.util.from pywintypes import IID.from win32com.client import Dispatch..# The following 3 lines may need tweaking for the particular server.# Candidates are pythoncom.Missing, .Empty and .ArgNotFound.defaultNamedOptArg=pythoncom.Empty.defaultNamedNotOptArg=pythoncom.Empty.defaultUnnamedArg=pythoncom.Empty..CLSID = IID('{08F336B3-E668-11D4-9441-001083FFF11C}').MajorVersion = 11.MinorVersion = 31.LibraryFlags = 8.LCID = 0x0..class constants:..AERO_PNL_BODY =1 # from enum zAeroPanelType..AERO_PNL_SURF =0 # from enum zAeroPanelType..FAL_CENTER =1
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:Python script, ASCII text executable
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1442280
                                                                                                                              Entropy (8bit):5.3724381961036904
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:p6SRYHcRI39F+GYMcfqyrdLZAUCwtnnKge/FAB5Pd59fBiT49QIFMjCy+zn8BF:XRYHcRI30AUCwtnnzf9QXR
                                                                                                                              MD5:99F0E41D888B35CA55D7A5A06A0C25E8
                                                                                                                              SHA1:810546F4AAC7CCA50A9F10B4B7E4CCE1AFE23A33
                                                                                                                              SHA-256:700F73DD238EFC1152F8D9B7B78CB286B7348818AC22974341BB789F8D83F243
                                                                                                                              SHA-512:CE3CEB8590184A5F0F4D082704A1394BBEBC560C16F93ECF15DAE72581DFF136869ADED891FA889D36AB5E323A44D9D9C242D93308F39C63A137CD88EBDEB35D
                                                                                                                              Malicious:false
                                                                                                                              Preview:# -*- coding: mbcs -*-.# Created by makepy.py version 0.5.01.# By python version 3.5.2 |Anaconda 4.2.0 (64-bit)| (default, Jul 5 2016, 11:41:13) [MSC v.1900 64 bit (AMD64)].# From type library 'femap.tlb'.# On Tue Oct 24 13:36:45 2017.'Femap v11.4.1 Type Library'.makepy_version = '0.5.01'.python_version = 0x30502f0..import win32com.client.CLSIDToClass, pythoncom, pywintypes.import win32com.client.util.from pywintypes import IID.from win32com.client import Dispatch..# The following 3 lines may need tweaking for the particular server.# Candidates are pythoncom.Missing, .Empty and .ArgNotFound.defaultNamedOptArg=pythoncom.Empty.defaultNamedNotOptArg=pythoncom.Empty.defaultUnnamedArg=pythoncom.Empty..CLSID = IID('{08F336B3-E668-11D4-9441-001083FFF11C}').MajorVersion = 11.MinorVersion = 41.LibraryFlags = 8.LCID = 0x0..class constants:..AERO_PNL_BODY =1 # from enum zAeroPanelType..AERO_PNL_SURF =0 # from enum zAeroPanelType..FAL_CENTER
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:Python script, Non-ISO extended-ASCII text executable
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1800275
                                                                                                                              Entropy (8bit):5.383934124740048
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:6nRYHcRIIkRuRiPm2do/+lRORuRiPm6do/+lRUATxKCwtiksRoC9QOz:8RYHcRI3ATxKCwtiksRoC9QOz
                                                                                                                              MD5:261039EC3DA93FCEC0B824BDEF439F18
                                                                                                                              SHA1:F3E9FF9FD36F15C6C0CD32D19B01017EAA4D16EE
                                                                                                                              SHA-256:6A5641107B1997F950B776E6C941BEF261129A70F009BDC7ABD89944D790C0B4
                                                                                                                              SHA-512:73A6EA4D4FAA0854D0B1889E4485B79D3EE9052D1C6617FFCC917B764193B3717C7E135BB99B87261FDDA2CD86E62D8294B69E60EBDECA5E9D2B9239AC0969EB
                                                                                                                              Malicious:false
                                                                                                                              Preview:# -*- coding: mbcs -*-.# Created by makepy.py version 0.5.01.# By python version 3.6.12 |Anaconda, Inc.| (default, Sep 9 2020, 00:29:25) [MSC v.1916 64 bit (AMD64)].# From type library 'femap.tlb'.# On Fri May 14 15:44:14 2021.'Simcenter. Femap. v2020.2.2 Type Library'.makepy_version = '0.5.01'.python_version = 0x3060cf0..import win32com.client.CLSIDToClass, pythoncom, pywintypes.import win32com.client.util.from pywintypes import IID.from win32com.client import Dispatch..# The following 3 lines may need tweaking for the particular server.# Candidates are pythoncom.Missing, .Empty and .ArgNotFound.defaultNamedOptArg=pythoncom.Empty.defaultNamedNotOptArg=pythoncom.Empty.defaultUnnamedArg=pythoncom.Empty..CLSID = IID('{08F336B3-E668-11D4-9441-001083FFF11C}').MajorVersion = 20.MinorVersion = 22.LibraryFlags = 8.LCID = 0x0..class constants:..Disp_bp =2 # from enum bolt_pl_type..Load_bp =0 # from enum bolt_pl_type..Strain_bp
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):30633
                                                                                                                              Entropy (8bit):4.688010115276433
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:8JOtiIudxEUwi5rDL676yV12rPd34ZomzM2FR+qWi9vlKM1zJlFvmNz5VrlkTS0x:kOqv7FgixMFzMqd9TzJlFvAfxk1rt
                                                                                                                              MD5:752110777ECD9E72B16DF0E59C1E0019
                                                                                                                              SHA1:CB1BD57EC2694EE4ADFA1C544310A2505D513179
                                                                                                                              SHA-256:F724F1AFBA40A8CC374CBB3E20495BFE142B998B97D8F16F420FA307D2A4D402
                                                                                                                              SHA-512:D2358E17C2AFCFB813D50D841FD6B7ECCB4FD739D762BCBEF486E4F3F51949BB232DF54C6E8AAD5062F8D8B65B53E25298CD22E709B2767C193F084317234E96
                                                                                                                              Malicious:false
                                                                                                                              Preview:================================. The PyInstaller licensing terms.================================. ..Copyright (c) 2010-2021, PyInstaller Development Team.Copyright (c) 2005-2009, Giovanni Bajo.Based on previous work under copyright (c) 2002 McMillan Enterprises, Inc....PyInstaller is licensed under the terms of the GNU General Public License.as published by the Free Software Foundation; either version 2 of the License,.or (at your option) any later version....Bootloader Exception.--------------------..In addition to the permissions in the GNU General Public License, the.authors give you unlimited permission to link or embed compiled bootloader.and related files into combinations with other programs, and to distribute.those combinations without any restriction coming from the use of those.files. (The General Public License restrictions do apply in other respects;.for example, they cover modification of the files, and distribution when.not linked into a combined executable.). . .Bootlo
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4
                                                                                                                              Entropy (8bit):1.5
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                              Malicious:false
                                                                                                                              Preview:pip.
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):7085
                                                                                                                              Entropy (8bit):4.9957444506690605
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:IIc5PvuP4fKw2gOMiwMgbe+GXBp9oL02zxWh1:SSw2gdiDgbe5X5ohzIh1
                                                                                                                              MD5:5B10EE756C1BD9627406F7FF73F9C4C9
                                                                                                                              SHA1:45600E98EEDD4454DF1EC97C410538933391A0A2
                                                                                                                              SHA-256:A2FC6C1CB09B2C34055977B451D4AC013DA6060F8BC0C5827513B7CB163E4E87
                                                                                                                              SHA-512:5C7E4D45E4A2B437D2C807F150A81C469DC16459515CB766789F051D12066BD278D63DCD3456EC31EE21AE8E003542F41482E5457AC838306FA6938F361F4852
                                                                                                                              Malicious:false
                                                                                                                              Preview:Metadata-Version: 2.1.Name: pyinstaller.Version: 4.7.Summary: PyInstaller bundles a Python application and all its dependencies into a single package..Home-page: http://www.pyinstaller.org/.Author: Hartmut Goebel, Giovanni Bajo, David Vierra, David Cortesi, Martin Zibricky.License: GPLv2-or-later with a special exception which allows to use PyInstaller to build and distribute non-free programs (including commercial ones).Keywords: packaging, app, apps, bundle, convert, standalone, executable,pyinstaller, cxfreeze, freeze, py2exe, py2app, bbfreeze.Platform: UNKNOWN.Classifier: Development Status :: 6 - Mature.Classifier: Environment :: Console.Classifier: Intended Audience :: Developers.Classifier: Intended Audience :: Other Audience.Classifier: Intended Audience :: System Administrators.Classifier: License :: OSI Approved :: GNU General Public License v2 (GPLv2).Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: Micr
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:CSV text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):56351
                                                                                                                              Entropy (8bit):5.587346212749625
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:5HrJoLAoGM2q4kLDsJHVd4IXoe/V9k7lrP22y7Rf+8LLLFjWBveKm7HhMr1T:5HrMAoGM8fxLLFaBr+Bwx
                                                                                                                              MD5:4BC1F6A23BDAECAD5DABF65349CE092F
                                                                                                                              SHA1:E0E2F2B28DF96330D7AE734D2CCEC38A984A8BF7
                                                                                                                              SHA-256:9D21A4E0C16E7580B71B19F983B98B6594970C5A03A306782E8BEB87EAE92E95
                                                                                                                              SHA-512:C22205CB398FB34C4530D411C50FADBD830502F689EDF9159C51F1134F42AB4AB0DA28A85011DB6B0034DD4CF0E03CD388B0020761FB82737E692933D038C90C
                                                                                                                              Malicious:false
                                                                                                                              Preview:../../Scripts/pyi-archive_viewer.exe,sha256=o6OU7DkKkr8Sdvu66_jw16fTraRtiospStchA1ckxNQ,106379..../../Scripts/pyi-bindepend.exe,sha256=EDaTXSU8Bxmt_E2_n3ivFfQd-W85rS8Y25rGaA8feUM,106374..../../Scripts/pyi-grab_version.exe,sha256=E-uejbElzmb6n94GmKMjCAGVAK-cIZ_EfSH1ZIKpMk0,106377..../../Scripts/pyi-makespec.exe,sha256=T1wrVHTeiT6jHWSpFuqiaxkQjENwhN0TzQ0BgpKm6js,106373..../../Scripts/pyi-set_version.exe,sha256=jBhuXtYdrY4bKXHdf5rR2wL6PHNENlRhCYZfbgxm1c8,106376..../../Scripts/pyinstaller.exe,sha256=9jUvC_YKcg5W2UnJ7HUEASDurME4aFp1h7plAfCo5OM,106358..PyInstaller/__init__.py,sha256=06e1GnGNJKgI_DNQJUnM4L3Ibey6PBj3qUzgevsYc4E,2995..PyInstaller/__main__.py,sha256=z5FJKeUWmlAhAukF--sDK-etA_qtJtoG0HEqVsU03PY,4458..PyInstaller/__pycache__/__init__.cpython-37.pyc,,..PyInstaller/__pycache__/__main__.cpython-37.pyc,,..PyInstaller/__pycache__/_recursion_to_deep_message.cpython-37.pyc,,..PyInstaller/__pycache__/_shared_with_waf.cpython-37.pyc,,..PyInstaller/__pycache__/compat.cpython-37.pyc,,..PyInst
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):98
                                                                                                                              Entropy (8bit):4.934591871601823
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:RtEeX7MWcSlViYHgP+tPCCfA5TLn:RtBMwlViYAWBBULn
                                                                                                                              MD5:875AEC14686612CAECFE6724CECBB6F3
                                                                                                                              SHA1:A79CDD3FEB11065F2DEBA17CF5F09BB3539F587D
                                                                                                                              SHA-256:5A813CE25161CE9979905A0E59E38A52BEBB975A3D73D4E27BC71CC45426CC15
                                                                                                                              SHA-512:EC0F4E63A0010C2F0854D340835A20AF0E9522B2A1F870BC2973CFB070AD336D46DBA83DD3B28BAC9CBAAB0E8C5052476FC374A5ED762D825E4D68C3E95F6022
                                                                                                                              Malicious:false
                                                                                                                              Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.0).Root-Is-Purelib: true.Tag: py3-none-win_amd64..
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):361
                                                                                                                              Entropy (8bit):4.532364994515823
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:1VkKXL0DjyXLfUynXLEB85AQFXLHHVtAcRNnXLAX2OXFnXLLMMn:1qKXIyXLpXg4hX7VtdFXsX2OXFnXMM
                                                                                                                              MD5:E1773209C0AB0B0402725B5776B57AFF
                                                                                                                              SHA1:AC23E47ED2047EED17058116BE2E02D93B6EEF25
                                                                                                                              SHA-256:1EF5246366023F170942310D9E04650C4B666257FFA967A01B5FF0BFF27DF463
                                                                                                                              SHA-512:95DFC681D676A6D8F49CD8A65EA40B4A8C21BB62DB9075ABE3EB8B20EB5EC4D72C1E4C86DA0A94C5010156FB93BEC96DBD50E127091B7B559A91B6EB29BBB534
                                                                                                                              Malicious:false
                                                                                                                              Preview:[console_scripts].pyi-archive_viewer = PyInstaller.utils.cliutils.archive_viewer:run.pyi-bindepend = PyInstaller.utils.cliutils.bindepend:run.pyi-grab_version = PyInstaller.utils.cliutils.grab_version:run.pyi-makespec = PyInstaller.utils.cliutils.makespec:run.pyi-set_version = PyInstaller.utils.cliutils.set_version:run.pyinstaller = PyInstaller.__main__:run..
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12
                                                                                                                              Entropy (8bit):3.418295834054489
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:rLWTXvn:f8Xvn
                                                                                                                              MD5:0A28E8E758F80C4B73AFD9DBEF9F96DD
                                                                                                                              SHA1:10072E4EC58C0E15D5A62FD256AC9D7BC6A28BCB
                                                                                                                              SHA-256:1AE466BD65C64D124D6262B989618E82536FE0BDDBCBB60A68488AC9C359E174
                                                                                                                              SHA-512:38D7A1B6198701708F90750C9D82390A150972FB898FC91C825FF6F6FE2A560B3BCC381A388BB7FE5DFAE63550BEC2A6A7CFED1390E620A5B2A559726C1439E5
                                                                                                                              Malicious:false
                                                                                                                              Preview:PyInstaller.
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3750400
                                                                                                                              Entropy (8bit):6.38452085791436
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:7DzZzvrVmDSL8Xq4af1TX4xElJec7w567ygSPJMPgaU4AOfKUIi7bH1uMEn2PR0q:3+uY67z9PV+ifHoMEkw5gU
                                                                                                                              MD5:0B321720D7FB6769EC046F2060BA1747
                                                                                                                              SHA1:3D2A45C42F3EBEDB9D7175385EE48B7C808FE3A5
                                                                                                                              SHA-256:E57FE2C5A107DF01FCFFE1F3753E0E670C9F1623A77CAB5A2B1D3C8DAC1C8CEE
                                                                                                                              SHA-512:736AFE1BBBE9D62B6F3117748C8D712C84BA887DE44F2ECD25D22938CE7765160B50EAA6183EA54767F0CFF4B28D2E3CA9653D737D0CDDF5EFDC07296C22BE8E
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):553984
                                                                                                                              Entropy (8bit):6.0181092286360505
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:AYw97hNdZ/SGkNWPlm3dzbuuns/KerI2FDmDAOOx2fhpdVmRyI5Rp:AYw9tRSbNWPlm3Rbuus/nN3OOxCpd8X
                                                                                                                              MD5:849F058368594851067CA4D66AB798F7
                                                                                                                              SHA1:3A98DBAA96FD1D2AB504B0A7B293CEF331A9D75B
                                                                                                                              SHA-256:B61B662A84F6319EA96A772A935D1A4AE53066633AD2C6A4B2EAB7379E8F9CA6
                                                                                                                              SHA-512:3E5EC25B32323234563521A80589DBC2DDF47BF1E41C64B46AB79D6310D6E67CDFAA86F8F724272B4DB53524CF1846FE8A79DC83CB62D4C59CAD92F36E2715F6
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):140800
                                                                                                                              Entropy (8bit):5.987055904018142
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:Go4Bkam7M2ErYrrC0bj4aHTekc7Z+Swv4umOI902:ZrasM2sYrrC0QEJcUSU4WA
                                                                                                                              MD5:434A764376DE842F3D7F14FB75118E57
                                                                                                                              SHA1:3B08873036C39CCFE53DE16D042F39E7BC04F62F
                                                                                                                              SHA-256:BE40E63282D1F4F1530082C790D777342A99CE621C14EB8B164F710AFC197A5A
                                                                                                                              SHA-512:0C29AE38FCF96FC01F80ABD0A8F095F805B4D0D7243251EE5C6F4EBC8CB547A035EB800C9B298F36058363D321778283F0B1C5ED4CE5BD18C714C584A89FAF0E
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19456
                                                                                                                              Entropy (8bit):5.505497635913107
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:oA8qjTtQTdi1KBetrJnaOiJcENuqn2WB0fga0sjKIJqG:ojqco0BInwtuqn2Ms0IKIJqG
                                                                                                                              MD5:E8053A5A65430A7C3357A302B28FBAF0
                                                                                                                              SHA1:6C116AF8E0B48EB49CD7000FEFD9524A60BF65FF
                                                                                                                              SHA-256:CCA658B8910E42EC788572A0645984F4B0546880BAA9487D12A7E0F1ECF01BCD
                                                                                                                              SHA-512:09D9BF2F15BE064201E8B0FA34AA2D916966B34557F0E38051F7628411DC159128C168D4C15DAC1D969E0E55E401B7431A4BBF120911DB36C4FDBBF103463BC1
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3512
                                                                                                                              Entropy (8bit):5.0211191324814575
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:DP2+yHhMI9vU13/lUzHL8aFKWB7aE4pwTMeLkMi:OtmPlUzy3wTa
                                                                                                                              MD5:E1AE683106595DE914CD6E5913A30502
                                                                                                                              SHA1:F66FFEBB7DD0B228BFFA5062B6A70F3B2844E66F
                                                                                                                              SHA-256:0E2CE6EBCC3DEE124058EE5601AEE15A972593587205B8AB3069F85A46DD3EFF
                                                                                                                              SHA-512:A71488C3F64192F5CD2DF767B1F5AC2A08FC52B63ED34185DE8B62A4D6ED3794BF4C4DA044BFF012A6B2D2F06BDF8BDBDEAA9E5C343D43C9D7EF74A1784906C1
                                                                                                                              Malicious:false
                                                                                                                              Preview:Metadata-Version: 2.1..Name: setuptools..Version: 58.0.4..Summary: Easily download, build, install, upgrade, and uninstall Python packages..Home-page: https://github.com/pypa/setuptools..Author: Python Packaging Authority..Author-email: distutils-sig@python.org..License: UNKNOWN..Project-URL: Documentation, https://setuptools.readthedocs.io/..Keywords: CPAN PyPI distutils eggs package management..Platform: UNKNOWN..Classifier: Development Status :: 5 - Production/Stable..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: MIT License..Classifier: Programming Language :: Python :: 3..Classifier: Programming Language :: Python :: 3 :: Only..Classifier: Topic :: Software Development :: Libraries :: Python Modules..Classifier: Topic :: System :: Archiving :: Packaging..Classifier: Topic :: System :: Systems Administration..Classifier: Topic :: Utilities..Requires-Python: >=3.6..Provides-Extra: testing..Provides-Extra: docs..Provides-Extra: ssl..Provides-Extr
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12354
                                                                                                                              Entropy (8bit):4.393841576001401
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:8n4It+mUewdmvKRNJUE6n0QiKit9Bc8TspXzBoznIkOIXhh0SZol9ccvkH8US+O/:8n4It+mUewdmvKRNJUE6n0QiKit9Bc8S
                                                                                                                              MD5:C5B11122B1CF9141FCD89FCB63FA0CC1
                                                                                                                              SHA1:19DB0C55D9E9D65701BDCC075D82934227E346EF
                                                                                                                              SHA-256:4FF2DB7F97964D864CE509FFC6B76D10EF884006CDDCA1D3A92FCB8F67C350FC
                                                                                                                              SHA-512:05F4F9FDD0FA5D14CD70F994813150DDB977DEF9B19150573F1AB53B28AC63164DA0A133A8DC99682AB49BE83843A8EE2D2A1128BDECC1161EB0C693B17D982E
                                                                                                                              Malicious:false
                                                                                                                              Preview:CHANGES.rst.LICENSE.MANIFEST.in.README.rst.bootstrap.py.conftest.py.launcher.c.msvc-build-launcher.cmd.pavement.py.pyproject.toml.pytest.ini.setup.cfg.setup.py.towncrier_template.rst.tox.ini._distutils_hack/__init__.py._distutils_hack/override.py.changelog.d/.gitignore.changelog.d/README.rst.docs/build_meta.rst.docs/conf.py.docs/history.rst.docs/index.rst.docs/pkg_resources.rst.docs/python 2 sunset.rst.docs/roadmap.rst.docs/setuptools.rst.docs/deprecated/distutils-legacy.rst.docs/deprecated/easy_install.rst.docs/deprecated/functionalities.rst.docs/deprecated/index.rst.docs/deprecated/python_eggs.rst.docs/deprecated/distutils/_setuptools_disclaimer.rst.docs/deprecated/distutils/apiref.rst.docs/deprecated/distutils/builtdist.rst.docs/deprecated/distutils/commandref.rst.docs/deprecated/distutils/configfile.rst.docs/deprecated/distutils/examples.rst.docs/deprecated/distutils/extending.rst.docs/deprecated/distutils/index.rst.docs/deprecated/distutils/introduction.rst.docs/deprecated/distuti
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:very short file (no magic)
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:v:v
                                                                                                                              MD5:68B329DA9893E34099C7D8AD5CB9C940
                                                                                                                              SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                                                                                                                              SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                                                                                                                              SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                                                                                                                              Malicious:false
                                                                                                                              Preview:.
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2636
                                                                                                                              Entropy (8bit):4.537672046416617
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:+MsTUR572Ku3ky1QchLtoZ+kMySDZZdmRxmgidTFLaelXdcEcijVbxS9djdh2PhN:l9Zvy3g6ySDsm90rZh2Phv4hhpTqToq
                                                                                                                              MD5:57379A87F47EA4C2646046CE29BCC753
                                                                                                                              SHA1:E339BE8333DA128C7E1BCF193BD8D61D511DE75D
                                                                                                                              SHA-256:C299E12EB6EDCA4E21675A820B0E3C7024B1A103F350B32122E685AAC07B1B14
                                                                                                                              SHA-512:EDF64E3354C7C5E07461658894DCB82FECD71B9A1DAC7FAAD6BAB378C43111D4349FAE6DC7FCE87D0F50099E55CB835431F2364A988067A46EEEC8BB81ADA319
                                                                                                                              Malicious:false
                                                                                                                              Preview:[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveopts = setuptools.command.saveopts:saveopts.sdist = setuptools.command.sdist:sdist.setopt = setuptools.command.setopt:setopt.test = setuptools.command.test:test.upload_docs = setuptools.comman
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):478
                                                                                                                              Entropy (8bit):4.9834561053482
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:gV3EjX101jLuywqv6NpG7y2S1u0lFTzKgECZvmvXdC5l:gVXLway2KzKDtC5l
                                                                                                                              MD5:65D1D86E3F7373906D09CDCE4AAE7C4A
                                                                                                                              SHA1:CF6376EA426A5385096760B4B006CE0810482D51
                                                                                                                              SHA-256:4DFCBE4D11FB7799ECD623A17DCA30D4AFB3DAF3907580E79B56FCBDF4C262BD
                                                                                                                              SHA-512:574BBF48E8C6A8303D609278927B184D8A75B1BE6BA164D82C0DADBEF5113FF74A31EEA7F1AEAFB216BC438763C9BA76CB4ACAD64DD0773CCC3EDB6E66122D89
                                                                                                                              Malicious:false
                                                                                                                              Preview:.[certs]..[docs].sphinx.jaraco.packaging>=8.2.rst.linker>=1.9.jaraco.tidelift>=1.4.pygments-github-lexers==0.0.5.sphinx-inline-tabs.sphinxcontrib-towncrier.furo..[ssl]..[testing].pytest>=4.6.pytest-checkdocs>=2.4.pytest-flake8.pytest-cov.pytest-enabler>=1.0.1.mock.flake8-2020.virtualenv>=13.0.0.pytest-virtualenv>=1.2.7.wheel.paver.pip>=19.1.jaraco.envs.pytest-xdist.sphinx.jaraco.path>=3.2.0..[testing:platform_python_implementation != "PyPy"].pytest-black>=0.3.7.pytest-mypy.
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):41
                                                                                                                              Entropy (8bit):3.9115956018096876
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:3Wd+Nt8AfQYv:3Wd+Nttv
                                                                                                                              MD5:789A691C859DEA4BB010D18728BAD148
                                                                                                                              SHA1:AEF2CBCCC6A9A8F43E4E150E7FCF1D7B03F0E249
                                                                                                                              SHA-256:77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88
                                                                                                                              SHA-512:BC2F7CAAD486EB056CB9F68E6C040D448788C3210FF028397CD9AF1277D0051746CAE58EB172F9E73EA731A65B2076C6091C10BCB54D911A7B09767AA6279EF6
                                                                                                                              Malicious:false
                                                                                                                              Preview:_distutils_hack.pkg_resources.setuptools.
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1016584
                                                                                                                              Entropy (8bit):6.669319438805479
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:VkmZDEMHhp9v1Ikbn3ND0TNVOsIut8P4zmxvSZX0yplkA:mmZFHhp9v1Io3h0TN3pvkA
                                                                                                                              MD5:0E0BAC3D1DCC1833EAE4E3E4CF83C4EF
                                                                                                                              SHA1:4189F4459C54E69C6D3155A82524BDA7549A75A6
                                                                                                                              SHA-256:8A91052EF261B5FBF3223AE9CE789AF73DFE1E9B0BA5BDBC4D564870A24F2BAE
                                                                                                                              SHA-512:A45946E3971816F66DD7EA3788AACC384A9E95011500B458212DC104741315B85659E0D56A41570731D338BDF182141C093D3CED222C007038583CEB808E26FD
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1065472
                                                                                                                              Entropy (8bit):5.310590268235131
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:Oe4YbeoEYa6l0SYxdtHcQJ9wEI+V/IFx7agsSJNzkRoEV+5PmrZ6A:Oe4BN6axHchr+VUx7agnNcM5oR
                                                                                                                              MD5:6CADC4EAC6F8EBE2342F8E8491A59E78
                                                                                                                              SHA1:3F4F97606A1A18D0F9B77787A220B783D6FB06E7
                                                                                                                              SHA-256:8CEC0C1CBAA7A66BE6C322EB76AF94BFD4B4F9C928558964580926910E92CDE1
                                                                                                                              SHA-512:3508AC373853309DEEA4BBA4C6AB611A302F9CF541B39EEF89E24B648FD3A7FE93EE39380EFD7D2FE8B8EA3B0E5471BBF49AB668D413AA53171A899AE01E5F0F
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2509
                                                                                                                              Entropy (8bit):4.850708878119149
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:DEM3Cnd+p8d+pT8ep11UKd+dt6Ol1AwrzztjaaxLiPktzCN:DEMyQPdf11Uzdt67YzztjaaxmPktWN
                                                                                                                              MD5:013D4E3517B9FB5F6211A69E22C61B39
                                                                                                                              SHA1:1558AD85EAA301CC5ADEBD0838C31D33BBD38E69
                                                                                                                              SHA-256:C47470670BDA24ED2790B35FF29DA72227319CFAFA2A4FC156398C5F183E40CC
                                                                                                                              SHA-512:7AFD725C4D180F78C54707CED28E1EE95D4FB1A89F4535E306B874B2487A935BD4D7AEF3EF72E0804296EE62E4BFC82EF557E713BD5939C70C0DD4B442D2E1B9
                                                                                                                              Malicious:false
                                                                                                                              Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.37.0.Summary: A built-package format for Python.Home-page: https://github.com/pypa/wheel.Author: Daniel Holth.Author-email: dholth@fastmail.fm.Maintainer: Alex Gr.nholm.Maintainer-email: alex.gronholm@nextday.fi.License: MIT.Project-URL: Documentation, https://wheel.readthedocs.io/.Project-URL: Changelog, https://wheel.readthedocs.io/en/stable/news.html.Project-URL: Issue Tracker, https://github.com/pypa/wheel/issues.Description: wheel. =====. . This library is the reference implementation of the Python wheel packaging. standard, as defined in `PEP 427`_.. . It has two different roles:. . #. A setuptools_ extension for building wheels that provides the. ``bdist_wheel`` setuptools command. #. A command line tool for working with wheel files. . It should be noted that wheel is **not** intended to be used as a library, and. as such there is no stable,
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2090
                                                                                                                              Entropy (8bit):4.605322895728616
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:30QZ8Eei6+fheJJu8VMMYGpicBgfdQSGOQT8pB7X5uF/xgoslZRNOmWAF4g:pX6+f0JXVMMJpYbMT8pB7X5uF/yRNOmB
                                                                                                                              MD5:5032B8E991D38A3A077A2F26DC414395
                                                                                                                              SHA1:097E8E4BC833373960A4BAB3B7E1AF958409D40E
                                                                                                                              SHA-256:606545593A15C5CB56FB6F6D17778E78BA0E7404AF722C4BC0D33F31E4F067B4
                                                                                                                              SHA-512:2C42CF9D82289546D7E071224560412FB4050B255CE37613E7CDFD2ABBC787E7C431D880BE51030C7EF525A869F788D2F8A6AD1DC6A7E832FE576F083AF0B507
                                                                                                                              Malicious:false
                                                                                                                              Preview:LICENSE.txt.MANIFEST.in.README.rst.setup.cfg.setup.py.tox.ini.docs/Makefile.docs/conf.py.docs/development.rst.docs/index.rst.docs/installing.rst.docs/make.bat.docs/news.rst.docs/quickstart.rst.docs/story.rst.docs/user_guide.rst.docs/reference/index.rst.docs/reference/wheel_convert.rst.docs/reference/wheel_pack.rst.docs/reference/wheel_unpack.rst.manpages/wheel.rst.src/wheel/__init__.py.src/wheel/__main__.py.src/wheel/bdist_wheel.py.src/wheel/macosx_libfile.py.src/wheel/metadata.py.src/wheel/pkginfo.py.src/wheel/util.py.src/wheel/wheelfile.py.src/wheel.egg-info/PKG-INFO.src/wheel.egg-info/SOURCES.txt.src/wheel.egg-info/dependency_links.txt.src/wheel.egg-info/entry_points.txt.src/wheel.egg-info/not-zip-safe.src/wheel.egg-info/requires.txt.src/wheel.egg-info/top_level.txt.src/wheel/cli/__init__.py.src/wheel/cli/convert.py.src/wheel/cli/pack.py.src/wheel/cli/unpack.py.src/wheel/vendored/__init__.py.src/wheel/vendored/vendor.txt.src/wheel/vendored/packaging/__init__.py.src/wheel/vendored/pa
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:very short file (no magic)
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:v:v
                                                                                                                              MD5:68B329DA9893E34099C7D8AD5CB9C940
                                                                                                                              SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                                                                                                                              SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                                                                                                                              SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                                                                                                                              Malicious:false
                                                                                                                              Preview:.
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):108
                                                                                                                              Entropy (8bit):4.342039869160156
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:1SSAsVYgh+MWTMhk6WjwVM5t5ln:1rb9WTMhk9jSM5t5ln
                                                                                                                              MD5:7AB099DD08D127FFF9A98B12A6B127E0
                                                                                                                              SHA1:8454C246D5A924CC6A13F5BFA188468E00F4D179
                                                                                                                              SHA-256:37C1DB605493DF2ACD418781DB05D60443D4845B04B4A3513DA0851893F2AB27
                                                                                                                              SHA-512:866EAFE67528CE8B692F474E7883BF776644CD41D13220D9C7F9446F7E325104C2F4ABF9B08701E470423756511D452885DFA1B875D4661D3472BC2002C28492
                                                                                                                              Malicious:false
                                                                                                                              Preview:[console_scripts].wheel = wheel.cli:main..[distutils.commands].bdist_wheel = wheel.bdist_wheel:bdist_wheel..
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:very short file (no magic)
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:v:v
                                                                                                                              MD5:68B329DA9893E34099C7D8AD5CB9C940
                                                                                                                              SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                                                                                                                              SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                                                                                                                              SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                                                                                                                              Malicious:false
                                                                                                                              Preview:.
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.801377452429548
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Pv2ACLvFZv:P+3LNZv
                                                                                                                              MD5:724F50C8C1C6A4C88E5B990863D1633B
                                                                                                                              SHA1:90AE910F6043E3CAA35CB21C4CA198063E6583C2
                                                                                                                              SHA-256:ED39738D628F8C7AD4A82BA62AE1B32F2FB9EC2BF5B3B7121EAEA76A31FCCEEB
                                                                                                                              SHA-512:62038B1DC34A2ABF0BBEA5B943A9B4E2C3A6CD87ADEB74F100ABF092AFBD658AAFFB0C41BB588ED6286954985F3D3298B70E4AB3B9C5DF8A6FC9CA8D4905570A
                                                                                                                              Malicious:false
                                                                                                                              Preview:.[test].pytest>=3.0.0.pytest-cov.
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):6
                                                                                                                              Entropy (8bit):2.2516291673878226
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:/sv:/sv
                                                                                                                              MD5:EF72659542687B41FB1A4225120F41FA
                                                                                                                              SHA1:3EF6EE742B2E851DEA1F754CE60A1FC222194799
                                                                                                                              SHA-256:1F148121B804B2D30F7B87856B0840EBA32AF90607328A5756802771F8DBFF57
                                                                                                                              SHA-512:A16A6E11367C986B2A7B38C491943B28F402081D3E2D41474C9E61BE44941133E87CB821750AD27A1E46FA2AFF9F93B8584C37247BDE219ABAC12D3D6EE4477C
                                                                                                                              Malicious:false
                                                                                                                              Preview:wheel.
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):134144
                                                                                                                              Entropy (8bit):5.858010824218087
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:tEbA11dsVC7lL1r2HBshsvZS1VpqruQrRuTnr6te:e8LCVClsvZS1Vpiu9rr6
                                                                                                                              MD5:D289BE077374950786DB41B6C70FA597
                                                                                                                              SHA1:8C670C69795282121505D48535FB3E3EB50113CC
                                                                                                                              SHA-256:0202887D73AAFCD28B9CF391F5E3A20D133C797667E92D8F377E293BA8E6E56B
                                                                                                                              SHA-512:DF596FFDD63BBA34299DCF7B4EE31A70288C3E92B1A68F5878DFBBE598BC1A1745110133F4CABB24430D72AFB2A659DD7F6AA333F7907D1A1D74C3097313E5E8
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):34304
                                                                                                                              Entropy (8bit):5.557152422846862
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:/5ZfD6BQ4JZMfzCYOUil+h/o5+S4m3Rf7nM+YAi5AuwsaI1oeCHf6TqpeQxgbIIE:BdEfg+YOOHM57nTi5B91tWSWRyrMqa
                                                                                                                              MD5:69E6B7F7AE8AEB91DEB71B699D796183
                                                                                                                              SHA1:EB110BEB34F727CF49F68DCECA4B8FB909618994
                                                                                                                              SHA-256:34595A1F13C006138CF39F425B406FC57C89ACA9FD3A6F9F3160CED49DF67C23
                                                                                                                              SHA-512:245415998221F52B51A76ACA3688DDA7B2634AE6A98491A36BF373280640653BE21BC6AF4E629127DA3920DFDB243B799352ED9494BA6FEB85F1C09451191F33
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22528
                                                                                                                              Entropy (8bit):5.155295125006806
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:0obQrZmrT5Cb5P1h0g83rU8hx9utvUgxBH3Ndu1Bq:0eQsTH9uxBH3NdQB
                                                                                                                              MD5:F2C36C1C11E358242F33A721C5C7BD70
                                                                                                                              SHA1:511A7C0CF7156B9A02A1E5D4E5F119D957448298
                                                                                                                              SHA-256:F8A6605ACEE8187FCE6203B6D883CCB7269199FFFA358E859A487844B7A45958
                                                                                                                              SHA-512:C88F0DEDD1553F00B3995B67301D1F3E9E80CD212CE00F93AB8268FCE1F0DA40A71AE8717130DAC180C94405B8767A43A1482B6C5C886810871576696DBD17C6
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1425408
                                                                                                                              Entropy (8bit):5.316983168597219
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:oOG6XUGi9OfTYqjZ6/OUdYUsv2y9wKdkTRJYv:oOGMUZrNsvlwV
                                                                                                                              MD5:54538710E4EE5A7CB2D1D0623B2690E6
                                                                                                                              SHA1:3BAA5F9FD15F5748CD98964757FA654C8B74B723
                                                                                                                              SHA-256:08C612C0F79EB0061B2054453658DD1069019385833372A65E4710D2E0F4E56C
                                                                                                                              SHA-512:2EBA70CA5B7B8861745A1EC95EAB1D83340C92DB2E450917FA59FD6F54D4BC3CF3071EFA546FE5E946430F2AF230458CDFECE411C27C81C10B7CEC4E06FF80FB
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4
                                                                                                                              Entropy (8bit):2.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:qn:qn
                                                                                                                              MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                              SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                              SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                              SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                              Malicious:false
                                                                                                                              Preview:blat
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):176
                                                                                                                              Entropy (8bit):4.713840781302666
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                              MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                              SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                              SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                              SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                              Malicious:false
                                                                                                                              Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                              Process:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11
                                                                                                                              Entropy (8bit):2.9139770731827523
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:DR:DR
                                                                                                                              MD5:7D60C03264BFC8080355775EF16397EA
                                                                                                                              SHA1:713B57F2F873E930C1FDAF17718749FCDF212961
                                                                                                                              SHA-256:48BA2619D546477FD8624E27AFEA42F6CD0A72B1C5435F8B5D40CC082ADBD81C
                                                                                                                              SHA-512:00A341DAD0CA02B65B19A9122F242388F6503E382A90651A21B6A16D8867D1D09149C292B0DB8E85A23EB941120749E6853A0392D756DE0141FC4006A847CACB
                                                                                                                              Malicious:false
                                                                                                                              Preview:..K....}q..
                                                                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                              Entropy (8bit):7.996991286689777
                                                                                                                              TrID:
                                                                                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                              • DOS Executable Generic (2002/1) 0.92%
                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                              File name:Animate Lift.exe
                                                                                                                              File size:23'826'598 bytes
                                                                                                                              MD5:c3a120e27e1a36ce94e1558d2255d5e5
                                                                                                                              SHA1:b2b70f7eb97c9ad1514a2be4aeab8f2267a9d652
                                                                                                                              SHA256:79929ccfedb1c7612201e874f9fe2e4dd07342fa3ca7827faed045e4c27f5545
                                                                                                                              SHA512:1a93c0777ec5065b95848030583793611f294e64ce89e1435ad3131574a128c5c00137f8509a8ef31ec3401e2907d35b1c8ceb65bb2f6ff496de94177bd7af38
                                                                                                                              SSDEEP:393216:yGuF93c2uAhyfRQP8DwnYq5+cPBd2Wnlh2p+IY9OnhOb7sbLSbmQoSVX:c93cDAhiQP8DwnY2+WBd2WlQpPBh67Ue
                                                                                                                              TLSH:8D37336877C08ED5EC27E43E50A2C404F0BBA2154753FD5F6FA147226F5B388192AEA7
                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@....ip..ip..ip...s..ip...u..ip...t..ip.b....ip.V.u.#ip.V.t..ip.V.s..ip...q..ip..iq..ip...t..ip...r..ip.Rich.ip................
                                                                                                                              Icon Hash:4a464cd47461e179
                                                                                                                              Entrypoint:0x14000a688
                                                                                                                              Entrypoint Section:.text
                                                                                                                              Digitally signed:false
                                                                                                                              Imagebase:0x140000000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0x618AB811 [Tue Nov 9 18:04:01 2021 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:5
                                                                                                                              OS Version Minor:2
                                                                                                                              File Version Major:5
                                                                                                                              File Version Minor:2
                                                                                                                              Subsystem Version Major:5
                                                                                                                              Subsystem Version Minor:2
                                                                                                                              Import Hash:5324ac1e1bceff69ec8d4435c50bfe0e
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x39dcc | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x50000 | 0xf4ec | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4c000 | 0x2064 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x60000 | 0x754 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x37760 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x37780 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x29000 | 0x418 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x27af0 | 0x27c00 | adf19aba6322140ad25e7d09ebbd8f8e | False | 0.5595211772798742 | data | 6.483591160090979 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x29000 | 0x11bd6 | 0x11c00 | bc2e18aa7ccde96571b1b18c04235581 | False | 0.4998074383802817 | data | 5.7434766134684825 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3b000 | 0x103d8 | 0xe00 | c5fb1d6374b092a66bb3636964318614 | False | 0.13141741071428573 | data | 1.8097417190078857 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x4c000 | 0x2064 | 0x2200 | 939f1ce8f0bcc22ceca5a2aab2520970 | False | 0.470703125 | data | 5.27617271518525 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x4f000 | 0xf4 | 0x200 | d87e67fb7d2374cf30554b401e20076a | False | 0.30859375 | data | 1.9890060993636334 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x50000 | 0xf4ec | 0xf600 | de06b301371d3afd1a04b5b66ea90528 | False | 0.8037665142276422 | data | 7.555758082136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x60000 | 0x754 | 0x800 | 1ac3d38858be1c1082b7ae02eb3d5265 | False | 0.55908203125 | data | 5.254932107703867 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x50208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x510b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x51958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x51ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x5b3ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x5d994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x5ea3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x5eea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x5ef0c | 0x5de | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.42876165113182424
DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetOEMCP, GetACP, IsValidCodePage, GetFileAttributesExW, FlushFileBuffers, GetCurrentDirectoryW, GetCPInfo, GetEnvironmentStringsW, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, FreeEnvironmentStringsW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetStringTypeW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, GetCommandLineW, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, ReadFile, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindClose, FindFirstFileExW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
                                                                                                                              No network behavior found

                                                                                                                              Target ID:0
                                                                                                                              Start time:09:34:43
                                                                                                                              Start date:21/04/2025
                                                                                                                              Path:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Users\user\Desktop\Animate Lift.exe"
                                                                                                                              Imagebase:0x7ff7c6400000
                                                                                                                              File size:23'826'598 bytes
                                                                                                                              MD5 hash:C3A120E27E1A36CE94E1558D2255D5E5
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:2
                                                                                                                              Start time:09:34:48
                                                                                                                              Start date:21/04/2025
                                                                                                                              Path:C:\Users\user\Desktop\Animate Lift.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Users\user\Desktop\Animate Lift.exe"
                                                                                                                              Imagebase:0x7ff7c6400000
                                                                                                                              File size:23'826'598 bytes
                                                                                                                              MD5 hash:C3A120E27E1A36CE94E1558D2255D5E5
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              No disassembly